Hestiacp Control_panel
14 CVEs affecting Hestiacp Control_panel. Latest disclosed: 2023-10-29. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-1509 | Critical | 9.9 | 2022-04-28 | Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitr… |
CVE-2021-3797 | Critical | 9.8 | 2021-09-15 | hestiacp is vulnerable to Use of Wrong Operator in String Comparison |
CVE-2022-2550 | High | 8.8 | 2022-07-27 | OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. |
CVE-2022-2636 | High | 8.5 | 2022-08-05 | Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. |
CVE-2023-5839 | High | 7.8 | 2023-10-29 | Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. |
CVE-2022-2626 | High | 7.2 | 2022-08-05 | Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. |
CVE-2020-10966 | Medium | 6.5 | 2020-03-25 | In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover… |
CVE-2023-3479 | Medium | 6.1 | 2023-06-30 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. |
CVE-2021-30071 | Medium | 6.1 | 2022-08-18 | A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a cr… |
CVE-2022-0986 | Medium | 6.1 | 2022-03-16 | Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. |
CVE-2022-0752 | Medium | 6.1 | 2022-03-04 | Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. |
CVE-2022-0838 | Medium | 6.1 | 2022-03-04 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. |
CVE-2022-0753 | Medium | 6.1 | 2022-03-03 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. |
CVE-2021-27231 | Medium | 5.4 | 2021-02-16 | Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different custom… |