
4 matches found

CVE
added 2026/01/21 5:27 p.m., 14 views

CVE-2021-47873

VestaCP is affected in versions prior to 0.9.8-25 by a stored XSS in the IP interface configuration. The vulnerability hinges on the v_interface parameter and can be exploited by sending a crafted POST to the add/ip/ endpoint to inject scripts. This is a cross-site scripting issue with potential ...

CVSS 7.2, AI score 5, EPSS 0.00193
Exploits: 0, References: 4
RedhatCVE
added 2025/05/22 9:27 p.m., 8 views

CVE-2021-30463

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm=admin= URI...

CVSS 7.8, AI score 7.3, EPSS 0.00497
Exploits: 1, References: 1
CNVD
added 2021/04/09 12:0 a.m., 8 views

VestaCP Elevation of Privilege Vulnerability

VestaCP is an open source hosting control panel that can be used to manage multiple websites, create and manage email accounts, FTP accounts and MySQL databases, and manage DNS records. An elevation of privilege vulnerability exists in VestaCP 0.9.8-24 and earlier versions. The vulnerability can ...

CVSS 7.8, AI score 6.9, EPSS 0.00497
Exploits: 1, References: 1
CNVD
added 2021/04/09 12:0 a.m., 9 views

VestaCP elevation of privilege vulnerability (CNVD-2021-28371)

VestaCP is an open source hosting control panel that can be used to manage multiple websites, create and manage email accounts, FTP accounts and MySQL databases, and manage DNS records. An elevation of privilege vulnerability exists in VestaCP 0.9.8-24 and earlier versions. The vulnerability stem...

CVSS 9, AI score 6.8, EPSS 0.01803
Exploits: 1, References: 1