Product:

Control_panel

(Hestiacp)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 14
Date Id Summary Products Score Patch Annotated
2022-08-18 CVE-2021-30071 A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Control_panel 6.1
2022-08-05 CVE-2022-2626 Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. Control_panel 7.2
2022-07-27 CVE-2022-2550 OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. Control_panel 8.8
2020-03-25 CVE-2020-10966 In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. Control_panel, Control_panel 6.5
2022-03-16 CVE-2022-0986 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. Control_panel 6.1
2022-03-04 CVE-2022-0838 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. Control_panel 6.1
2022-03-04 CVE-2022-0752 Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. Control_panel 6.1
2022-03-03 CVE-2022-0753 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. Control_panel 6.1
2021-09-15 CVE-2021-3797 hestiacp is vulnerable to Use of Wrong Operator in String Comparison Control_panel 9.8
2021-02-16 CVE-2021-27231 Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages. Control_panel 5.4