4 matches found
CVE-2021-47873
VestaCP is affected in versions prior to 0.9.8-25 by a stored XSS in the IP interface configuration. The vulnerability hinges on the v_interface parameter and can be exploited by sending a crafted POST to the add/ip/ endpoint to inject scripts. This is a cross-site scripting issue with potential ...
CVE-2021-30463
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm=admin= URI...
VestaCP Elevation of Privilege Vulnerability
VestaCP is an open source hosting control panel that can be used to manage multiple websites, create and manage email accounts, FTP accounts and MySQL databases, and manage DNS records. An elevation of privilege vulnerability exists in VestaCP 0.9.8-24 and earlier versions. The vulnerability can ...
VestaCP elevation of privilege vulnerability (CNVD-2021-28371)
VestaCP is an open source hosting control panel that can be used to manage multiple websites, create and manage email accounts, FTP accounts and MySQL databases, and manage DNS records. An elevation of privilege vulnerability exists in VestaCP 0.9.8-24 and earlier versions. The vulnerability stem...