hestiacp control panel vulnerabilities and exploits
6.5
CVSSv3
CVE-2020-10966
In the Password Reset Module in VESTA Control Panel up to and including 0.9.8-25 and Hestia Control Panel prior to 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
Hestiacp Control Panel
Vestacp Control Panel
6.1
CVSSv3
CVE-2023-3479
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp before 1.7.8.
Hestiacp Control Panel
9.8
CVSSv3
CVE-2021-3797
hestiacp is vulnerable to Use of Wrong Operator in String Comparison
Hestiacp Control Panel
6.1
CVSSv3
CVE-2022-0838
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp before 1.5.10.
Hestiacp Control Panel
6.1
CVSSv3
CVE-2022-0986
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp before 1.5.11.
Hestiacp Control Panel
8.8
CVSSv3
CVE-2022-2636
Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp before 1.6.6.
Hestiacp Control Panel
8.8
CVSSv3
CVE-2022-2550
OS Command Injection in GitHub repository hestiacp/hestiacp before 1.6.5.
Hestiacp Control Panel
7.2
CVSSv3
CVE-2022-2626
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp before 1.6.6.
Hestiacp Control Panel
8.8
CVSSv3
CVE-2022-1509
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp before 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
Hestiacp Control Panel
6.1
CVSSv3
CVE-2021-30071
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Hestiacp Control Panel