Hestiacp Control Panel 1.3.1

CPE Details

Hestiacp Control Panel 1.3.1
hestiacp
control_panel
1.3.1
2021-02-18
14h30 +00:00
2021-02-18
14h30 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:hestiacp:control_panel:1.3.1:*:*:*:*:*:*:*

Informations

Vendor

hestiacp

Product

control_panel

Version

1.3.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-5839 2023-10-29 00h00 +00:00 Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9.
7.8
Haute
CVE-2023-3479 2023-06-30 09h55 +00:00 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
6.1
Moyen
CVE-2021-30071 2022-08-18 02h16 +00:00 A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
6.1
Moyen
CVE-2022-2636 2022-08-05 07h30 +00:00 Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6.
8.8
Haute
CVE-2022-2626 2022-08-05 06h15 +00:00 Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.
7.2
Haute
CVE-2022-2550 2022-07-27 12h52 +00:00 OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.
8.8
Haute
CVE-2022-1509 2022-04-28 08h05 +00:00 Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
9.9
Critique
CVE-2022-0986 2022-03-16 11h45 +00:00 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.
6.1
Moyen
CVE-2022-0752 2022-03-04 10h35 +00:00 Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.
6.1
Moyen
CVE-2022-0838 2022-03-04 07h10 +00:00 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10.
6.1
Moyen
CVE-2022-0753 2022-03-03 14h30 +00:00 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.
6.1
Moyen
CVE-2021-3797 2021-09-15 11h05 +00:00 hestiacp is vulnerable to Use of Wrong Operator in String Comparison
9.8
Critique
CVE-2021-27231 2021-02-16 02h19 +00:00 Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.
5.4
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.