
hestiacp control panel

25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-5839
< 1.8.9
Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9.
7.8 HIGH
CVE-2023-3479
< 1.7.8
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
6.1 MEDIUM
CVE-2022-3967
< 2022-07-18
A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file f
5.3 MEDIUM
CVE-2021-46850
< 0.9.8-26-43
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authentic
7.2 HIGH
CVE-2021-30071
< 1.3.5
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary
6.1 MEDIUM
CVE-2022-2636
< 1.6.6
Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6.
8.5 HIGH
CVE-2022-2626
< 1.6.6
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.
7.2 HIGH
CVE-2022-2550
< 1.6.5
OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.
8.8 HIGH
CVE-2022-1509
< 1.5.12
Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low
9.9 CRITICAL
CVE-2022-0986
< 1.5.11
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.
6.1 MEDIUM
CVE-2022-0752
< 1.5.9
Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.
6.1 MEDIUM
CVE-2022-0838
< 1.5.10
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10.
6.1 MEDIUM
CVE-2022-0753
< 1.5.9
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.
6.1 MEDIUM
CVE-2021-3797
<= 1.4.12
hestiacp is vulnerable to Use of Wrong Operator in String Comparison
9.8 CRITICAL
CVE-2021-30463
<= 0.9.8-24
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After
7.8 HIGH
CVE-2021-27231
<= 1.3.5
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a sub
5.4 MEDIUM
CVE-2020-10966
< 1.1.1
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulati
6.5 MEDIUM
CVE-2019-12792
all versions
A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from re
8.8 HIGH
CVE-2019-12791
all versions
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate
8.8 HIGH
CVE-2019-9841
all versions
Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.
6.1 MEDIUM
CVE-2018-18547
<= 0.9.8-22
Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/
6.1 MEDIUM
CVE-2018-10686
all versions
An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php U
6.1 MEDIUM
CVE-2015-4117
< 0.9.8-14
Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in th
8.8 HIGH
CVE-2010-1108
all versions
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows
CVE-2000-1023
<= 3.0
The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify d
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin