Hestiacp Control_panel

14 CVEs affecting Hestiacp Control_panel. Latest disclosed: 2023-10-29. Critical: 2, High: 4.

Top CVEs affecting Hestiacp Control_panel
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2022-1509 | Critical | 9.9 | 2022-04-28 | Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitr… |
| CVE-2021-3797 | Critical | 9.8 | 2021-09-15 | hestiacp is vulnerable to Use of Wrong Operator in String Comparison |
| CVE-2022-2550 | High | 8.8 | 2022-07-27 | OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. |
| CVE-2022-2636 | High | 8.5 | 2022-08-05 | Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. |
| CVE-2023-5839 | High | 7.8 | 2023-10-29 | Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. |
| CVE-2022-2626 | High | 7.2 | 2022-08-05 | Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. |
| CVE-2020-10966 | Medium | 6.5 | 2020-03-25 | In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover… |
| CVE-2023-3479 | Medium | 6.1 | 2023-06-30 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. |
| CVE-2021-30071 | Medium | 6.1 | 2022-08-18 | A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a cr… |
| CVE-2022-0986 | Medium | 6.1 | 2022-03-16 | Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. |
| CVE-2022-0752 | Medium | 6.1 | 2022-03-04 | Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. |
| CVE-2022-0838 | Medium | 6.1 | 2022-03-04 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. |
| CVE-2022-0753 | Medium | 6.1 | 2022-03-03 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. |
| CVE-2021-27231 | Medium | 5.4 | 2021-02-16 | Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different custom… |