Vulmon
vestacp vesta control panel vulnerabilities and exploits
6.1
CVSSv3
CVE-2022-36303
Vesta v1.0.0-5 contains a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel 1.0.0-5
6.1
CVSSv3
CVE-2022-36305
Vesta v1.0.0-5 contains a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel 1.0.0-5
6.1
CVSSv3
CVE-2022-34025
Vesta v1.0.0-5 contains a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel 1.0.0-5
9.8
CVSSv3
CVE-2021-43693
Vesta 0.9.8-24 is affected by a file inclusion vulnerability in the file web/add/user/index.php.
Vestacp Vesta Control Panel 0.9.8-24
8.8
CVSSv3
CVE-2015-4117
Vesta Control Panel prior to 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php.
Vestacp Control Panel
1 EDB exploit
6.5
CVSSv3
CVE-2020-10966
In the Password Reset Module in VESTA Control Panel up to and including 0.9.8-25 and Hestia Control Panel prior to 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
Hestiacp Control Panel
Vestacp Control Panel
6.1
CVSSv3
CVE-2018-18547
Vesta Control Panel up to and including 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.
Vestacp Control Panel
7.8
CVSSv3
CVE-2021-30463
VestaCP up to and including 0.9.8-24 allows malicious users to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a...
Vestacp Control Panel
7.8
CVSSv3
CVE-2022-3967
A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. The attack must be carried out locally. The name of the patch ...
Vestacp Control Panel
6.1
CVSSv3
CVE-2019-9841
Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.
Vestacp Control Panel 0.9.8-23