Hestiacp Security Vulnerabilities

CVE-2023-5839

Privilege Chaining in GitHub repository hestiacp/hestiacp prior to...

CVE-2023-4517

Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to...

CVE-2023-5084

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to...

CVE-2023-3479

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to...

CVE-2021-30070

An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package...

CVE-2022-2636

Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to...

CVE-2022-2626

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to...

CVE-2022-2550

OS Command Injection in GitHub repository hestiacp/hestiacp prior to...

CVE-2022-1509

Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root...

CVE-2022-0986

Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to...

CVE-2022-0752

Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to...

CVE-2022-0838

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to...

CVE-2022-0753

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to...

CVE-2021-3797

hestiacp is vulnerable to Use of Wrong Operator in String...