Skip to main content

Control Panel

20 CVEs product

Monthly

CVE-2023-5839 HIGH POC PATCH This Week

Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Control Panel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3479 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2022-3967 HIGH PATCH This Week

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Control Panel
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2636 HIGH POC PATCH This Week

Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Control Panel
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-2626 HIGH POC PATCH This Week

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Control Panel
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-2550 HIGH POC PATCH THREAT This Week

OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Control Panel
NVD GitHub
CVSS 3.1
8.8
EPSS
47.5%
CVE-2022-1509 HIGH POC PATCH This Week

Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Control Panel
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2022-0986 MEDIUM POC PATCH This Month

Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0752 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2022-0838 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-0753 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3797 CRITICAL POC PATCH Act Now

hestiacp is vulnerable to Use of Wrong Operator in String Comparison. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Control Panel
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-30463 HIGH POC This Week

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Control Panel
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-27231 MEDIUM POC This Month

Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Control Panel
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-10966 MEDIUM POC PATCH This Month

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Control Panel
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2019-12792 HIGH POC This Week

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Control Panel
NVD GitHub
CVSS 3.0
8.8
EPSS
4.9%
CVE-2019-12791 HIGH POC This Week

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Control Panel
NVD GitHub
CVSS 3.0
8.8
EPSS
6.5%
CVE-2019-9841 MEDIUM POC PATCH This Month

Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-18547 MEDIUM POC This Month

Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Control Panel
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-10686 MEDIUM POC This Month

An issue was discovered in Vesta Control Panel 0.9.8-20. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Control Panel
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Control Panel
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Control Panel
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Control Panel
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Control Panel
NVD GitHub
EPSS 47% CVSS 8.8
HIGH POC PATCH THREAT This Week

OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Control Panel
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Control Panel
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

hestiacp is vulnerable to Use of Wrong Operator in String Comparison. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Control Panel
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Control Panel
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Control Panel
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC PATCH This Month

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Control Panel
NVD GitHub
EPSS 5% CVSS 8.8
HIGH POC This Week

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Control Panel
NVD GitHub
EPSS 6% CVSS 8.8
HIGH POC This Week

A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Control Panel
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Control Panel
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Vesta Control Panel 0.9.8-20. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy