Hestiacp is an open source Linux Web server control panel designed to provide administrators with an easy-to-use Web and command-line interface. Hestiacp suffers from a cross-site scripting vulnerability that stems from an unprocessed user-controlled GET field parameter in index.php, which can be exploited by attackers to run malicious Javascript on a Web page code on a web page to steal a user’s cookie and gain unauthorized access to that user’s account via the stolen cookie.
CPE | Name | Operator | Version |
---|---|---|---|
hestiacp hestiacp | lt | 1.5.9 |