Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Control_panel
(Hestiacp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-18 | CVE-2021-30071 | A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | Control_panel | 6.1 | ||
| 2023-06-30 | CVE-2023-3479 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. | Control_panel | 6.1 | ||
| 2023-10-29 | CVE-2023-5839 | Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. | Control_panel | 7.8 | ||
| 2020-03-25 | CVE-2020-10966 | In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. | Control_panel, Control_panel | 6.5 |