Hestia Control Panel 0.9.8-28

CPE Details

2020-04-01 14h53 +00:00

CPE Name: cpe:2.3:a:hestiacp:control_panel:0.9.8-28:*:*:*:*:*:*:*

Information

Vendor: hestiacp
Product: control_panel
Version: 0.9.8-28

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2023-5839 | 2023-10-29 00h00 +00:00 | Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. | 7.8 | High |
| CVE-2023-3479 | 2023-06-30 09h55 +00:00 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. | 6.1 | Medium |
| CVE-2021-30071 | 2022-08-18 02h16 +00:00 | A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 | Medium |
| CVE-2022-2636 | 2022-08-05 07h30 +00:00 | Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. | 8.8 | High |
| CVE-2022-2626 | 2022-08-05 06h15 +00:00 | Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. | 7.2 | High |
| CVE-2022-2550 | 2022-07-27 12h52 +00:00 | OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. | 8.8 | High |
| CVE-2022-1509 | 2022-04-28 08h05 +00:00 | Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. | 9.9 | Critical |
| CVE-2022-0986 | 2022-03-16 11h45 +00:00 | Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. | 6.1 | Medium |
| CVE-2022-0752 | 2022-03-04 10h35 +00:00 | Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. | 6.1 | Medium |
| CVE-2022-0838 | 2022-03-04 07h10 +00:00 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. | 6.1 | Medium |
| CVE-2022-0753 | 2022-03-03 14h30 +00:00 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. | 6.1 | Medium |
| CVE-2021-3797 | 2021-09-15 11h05 +00:00 | hestiacp is vulnerable to Use of Wrong Operator in String Comparison | 9.8 | Critical |
| CVE-2021-27231 | 2021-02-16 02h19 +00:00 | Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages. | 5.4 | Medium |
| CVE-2020-10966 | 2020-03-25 21h50 +00:00 | In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. | 6.5 | Medium |