Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Control_panel
(Hestiacp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-16 | CVE-2021-27231 | Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages. | Control_panel | 5.4 | ||
| 2021-09-15 | CVE-2021-3797 | hestiacp is vulnerable to Use of Wrong Operator in String Comparison | Control_panel | 9.8 | ||
| 2022-03-03 | CVE-2022-0753 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. | Control_panel | 6.1 | ||
| 2022-03-04 | CVE-2022-0838 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. | Control_panel | 6.1 | ||
| 2022-03-04 | CVE-2022-0752 | Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. | Control_panel | 6.1 | ||
| 2022-03-16 | CVE-2022-0986 | Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. | Control_panel | 6.1 | ||
| 2022-04-28 | CVE-2022-1509 | Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. | Control_panel | 8.8 | ||
| 2022-07-27 | CVE-2022-2550 | OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. | Control_panel | 8.8 | ||
| 2022-08-05 | CVE-2022-2626 | Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. | Control_panel | 7.2 | ||
| 2022-08-05 | CVE-2022-2636 | Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. | Control_panel | 8.8 |