Vulnerabilities (CVE)

Filtered by vendor Hestiacp
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-30071 1 Hestiacp 1 Control Panel 2022-10-24 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2021-30070 1 Hestiacp 1 Hestiacp 2022-08-19 N/A 7.5 HIGH
An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.
CVE-2022-2626 1 Hestiacp 1 Control Panel 2022-08-08 N/A 7.2 HIGH
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.
CVE-2022-2636 1 Hestiacp 1 Control Panel 2022-08-06 N/A 8.8 HIGH
Improper Input Validation in GitHub repository hestiacp/hestiacp prior to 1.6.6.
CVE-2022-2550 1 Hestiacp 1 Control Panel 2022-08-02 N/A 8.8 HIGH
OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.
CVE-2020-10966 2 Hestiacp, Vestacp 2 Control Panel, Control Panel 2022-07-12 4.3 MEDIUM 6.5 MEDIUM
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
CVE-2022-1509 1 Hestiacp 1 Control Panel 2022-05-06 9.0 HIGH 8.8 HIGH
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
CVE-2022-0986 1 Hestiacp 1 Control Panel 2022-03-22 4.3 MEDIUM 6.1 MEDIUM
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.
CVE-2022-0838 1 Hestiacp 1 Control Panel 2022-03-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10.
CVE-2022-0752 1 Hestiacp 1 Control Panel 2022-03-10 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.
CVE-2022-0753 1 Hestiacp 1 Control Panel 2022-03-09 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.
CVE-2021-3797 1 Hestiacp 1 Control Panel 2021-09-27 7.5 HIGH 9.8 CRITICAL
hestiacp is vulnerable to Use of Wrong Operator in String Comparison.
CVE-2021-27231 1 Hestiacp 1 Control Panel 2021-06-03 5.5 MEDIUM 5.4 MEDIUM
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.