1panel
Stored XSS in 1Panel's App Store allows attackers to inject malicious scripts into application details that execute in users' browsers when viewed, potentially enabling session hijacking or unauthorized system access. Versions up to v1.10.33-lts and v2.0.16 are vulnerable, with no patch currently available. An attacker could publish a compromised application to steal credentials, modify system functions, or compromise system availability.
An OS command injection vulnerability in the OperateSSH function of 1Panel 2.0.8 allows attackers to execute arbitrary commands via the operation parameter of the /api/v2/hosts/ssh/operate endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.
1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable and requires no authentication. Public exploit code is available.