Filtered by vendor Hestiacp
Total: 4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-10966 | 2 Hestiacp, Vestacp | 2 Control Panel, Control Panel | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM | In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. |
| CVE-2022-1509 | 1 Hestiacp | 1 Control Panel | 2022-05-06 | 9.0 HIGH | 8.8 HIGH | Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. |
| CVE-2021-3797 | 1 Hestiacp | 1 Control Panel | 2021-09-27 | 7.5 HIGH | 9.8 CRITICAL | hestiacp is vulnerable to Use of Wrong Operator in String Comparison |
| CVE-2021-27231 | 1 Hestiacp | 1 Control Panel | 2021-06-03 | 5.5 MEDIUM | 5.4 MEDIUM | Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages. |
