Vulnerabilities (CVE)

Filtered by vendor Hestiacp Subscribe

Filtered by product Control Panel

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-10966	2 Hestiacp, Vestacp	2 Control Panel, Control Panel	2022-07-12	4.3 MEDIUM	6.5 MEDIUM
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
CVE-2021-27231	1 Hestiacp	1 Control Panel	2021-06-03	5.5 MEDIUM	5.4 MEDIUM
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.