Product:

Control_panel

(Hestiacp)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 14
Date Id Summary Products Score Patch Annotated
2022-04-28 CVE-2022-1509 Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. Control_panel 8.8
2023-10-29 CVE-2023-5839 Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. Control_panel 7.8
2022-08-05 CVE-2022-2636 Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. Control_panel 8.8
2023-06-30 CVE-2023-3479 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. Control_panel 6.1
2022-08-18 CVE-2021-30071 A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Control_panel 6.1
2022-08-05 CVE-2022-2626 Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. Control_panel 7.2
2022-07-27 CVE-2022-2550 OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. Control_panel 8.8
2020-03-25 CVE-2020-10966 In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. Control_panel, Control_panel 6.5
2022-03-16 CVE-2022-0986 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. Control_panel 6.1
2022-03-04 CVE-2022-0838 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. Control_panel 6.1