Filtered by vendor Vestacp
Subscribe
Search
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34025 | 1 Vestacp | 1 Vesta Control Panel | 2022-07-25 | N/A | 6.1 MEDIUM |
| Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php. | |||||
| CVE-2022-36303 | 1 Vestacp | 1 Vesta Control Panel | 2022-07-25 | N/A | 6.1 MEDIUM |
| Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php. | |||||
| CVE-2022-36304 | 1 Vestacp | 1 Vesta Control Panel | 2022-07-25 | N/A | 6.1 MEDIUM |
| Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php. | |||||
| CVE-2022-36305 | 1 Vestacp | 1 Vesta Control Panel | 2022-07-25 | N/A | 6.1 MEDIUM |
| Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php. | |||||
| CVE-2020-10966 | 2 Hestiacp, Vestacp | 2 Control Panel, Control Panel | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. | |||||
| CVE-2019-9841 | 1 Vestacp | 1 Control Panel | 2019-04-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. | |||||
| CVE-2018-18547 | 1 Vestacp | 1 Control Panel | 2018-12-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. | |||||
| CVE-2018-10686 | 1 Vestacp | 1 Control Panel | 2018-06-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php. | |||||