Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

panel vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2

CVE-2006-1080

Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL encoded value.
Game-panel Game-panel 2.6Game-panel Game-panel 2.6.1
7.5
CVSSv2

CVE-2012-1557

SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x prior to 8.6 MU#2, 9.x prior to 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote malicious users to execute arbitrary SQL...
Parallels Parallels Plesk Panel 7.0Parallels Parallels Plesk Panel 7.6.1Parallels Parallels Plesk Panel 8.0Parallels Parallels Plesk Panel 8.1Parallels Parallels Plesk Panel 8.2Parallels Parallels Plesk Panel 8.3Parallels Parallels Plesk Panel 8.4Parallels Parallels Plesk Panel 8.6Parallels Parallels Plesk Panel 9.0Parallels Parallels Plesk Panel 9.2Parallels Parallels Plesk Panel 9.3Parallels Parallels Plesk Panel 9.5
4.3
CVSSv2

CVE-2014-2035

Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) prior to 5.0.13 build 574 allows remote malicious users to inject arbitrary web script or HTML via the i parameter.
Interworx Web Control PanelInterworx Web Control Panel 5.0Interworx Web Control Panel 5.0.10Interworx Web Control Panel 5.0.11Interworx Web Control Panel 5.0.12
4.3
CVSSv2

CVE-2004-1499

Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and previous versions allows remote malicious users to execute arbitrary web script or HTML via the Subject field.
Webhost Automation Helm Control Panel 3.1.10Webhost Automation Helm Control Panel 3.1.11Webhost Automation Helm Control Panel 3.1.12Webhost Automation Helm Control Panel 3.1.13Webhost Automation Helm Control Panel 3.1.14Webhost Automation Helm Control Panel 3.1.15Webhost Automation Helm Control Panel 3.1.16Webhost Automation Helm Control Panel 3.1.17Webhost Automation Helm Control Panel 3.1.18Webhost Automation Helm Control Panel 3.1.19
7.5
CVSSv2

CVE-2004-1498

SQL injection vulnerability in the compose message form in HELM 3.1.19 and previous versions allows remote malicious users to execute arbitrary SQL commands via the messageToUserAccNum parameter.
Webhost Automation Helm Control Panel 3.1.10Webhost Automation Helm Control Panel 3.1.11Webhost Automation Helm Control Panel 3.1.12Webhost Automation Helm Control Panel 3.1.13Webhost Automation Helm Control Panel 3.1.14Webhost Automation Helm Control Panel 3.1.15Webhost Automation Helm Control Panel 3.1.16Webhost Automation Helm Control Panel 3.1.17Webhost Automation Helm Control Panel 3.1.18Webhost Automation Helm Control Panel 3.1.19
6.5
CVSSv3

CVE-2020-10966

In the Password Reset Module in VESTA Control Panel up to and including 0.9.8-25 and Hestia Control Panel prior to 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
Hestiacp Control PanelVestacp Control Panel
7.2
CVSSv3

CVE-2021-46850

myVesta Control Panel prior to 0.9.8-26-43 and Vesta Control Panel prior to 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/s...
Vestacp Control PanelVestacp Vesta Control Panel
7.5
CVSSv2

CVE-2008-6950

Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password field.
Webhost-panel Bankoi Webhosting Control Panel 1.20
9.8
CVSSv3

CVE-2023-3631

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Medart Health Services Medart Notification Panel allows SQL Injection.This issue affects Medart Notification Panel: up to and including 20231123. NOTE: The vendor was c...
Medart Notification Panel Project Medart Notification Panel
4.3
CVSSv2

CVE-2014-1855

Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel prior to 3.5.0 allow remote malicious users to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) keyword parameter to proxy.php.
Seopanel Seo PanelSeopanel Seo Panel 3.3.1
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
path traversalCVE-2025-2657CVE-2025-30066CVE-2025-24813apache commons vfsCVE-2025-2478validationCVE-2025-2674code injectionmedical card generation systemmicrosoft edge (chromium-based)CVE-2025-2688cicadascms
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook