Lucene search
K

7 matches found

NVD
NVD
added 2026/01/27 4:16 p.m.11 views

CVE-2020-36948

VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative...

9.8CVSS0.00561EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/21 5:27 p.m.2 views

CVE-2021-47873

VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'vinterface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload...

7.2CVSS5AI score0.00193EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-2060

Malware in sbrugna...

9.8CVSS9.5AI score0.01287EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 2:57 a.m.7 views

CVE-2018-1000884

Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password...

9.8CVSS7.2AI score0.01287EPSS
Exploits0References1
Prion
Prion
added 2018/12/20 9:29 p.m.17 views

Design/Logic Flaw

Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password...

5CVSS9.5AI score0.01287EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/12/20 8:0 p.m.21 views

CVE-2018-1000884

Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password...

9.6AI score0.01287EPSS
Exploits0References1
CVE
CVE
added 2018/12/20 8:0 p.m.52 views

CVE-2018-1000884

CVE-2018-1000884 affects Vesta CP prior to 0.9.8-18, where the password reset code in web/reset/index.php (line 51) exposes information due to a timing discrepancy (CWE-208). This can allow an attacker, via unauthenticated network access, to determine password reset codes and potentially change t...

9.8CVSS9.5AI score0.01287EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder