Skip to main content

Control Panel CVE-2019-9841

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2019-04-19 cve@mitre.org
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 19, 2019 - 19:29 nvd
MEDIUM 6.1

DescriptionNVD

Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.

AnalysisAI

Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Affected products include: Vestacp Control Panel.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2021-3797 CRITICAL POC
9.8 Sep 15

hestiacp is vulnerable to Use of Wrong Operator in String Comparison. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2022-2636 HIGH POC
8.8 Aug 05

Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. Rated h

CVE-2022-2550 HIGH POC
8.8 Jul 27

OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. Rated high severity (CVSS 8.8), this vulnera

CVE-2022-1509 HIGH POC
8.8 Apr 28

Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. Rated high severity (CVSS 8.8),

CVE-2019-12792 HIGH POC
8.8 Aug 15

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escala

CVE-2019-12791 HIGH POC
8.8 Aug 15

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to

CVE-2023-5839 HIGH POC
7.8 Oct 29

Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. Rated high severity (CVSS 7.8), this vulnerabi

CVE-2021-30463 HIGH POC
7.8 Apr 08

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissio

CVE-2022-2626 HIGH POC
7.2 Aug 05

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. Rated high severity (CVSS 7.2), th

CVE-2020-10966 MEDIUM POC
6.5 Mar 25

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header

CVE-2023-3479 MEDIUM POC
6.1 Jun 30

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. Rated medium severity (CVS

CVE-2022-0986 MEDIUM POC
6.1 Mar 16

Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. Rated medium

Share

CVE-2019-9841 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy