14 matches found
CVE-2022-0838
CVE-2022-0838 is a reflected cross-site scripting (XSS) vulnerability in hestiacp/hestiacp prior to version 1.5.10. The issue is surfaced through user-supplied input reflected into webpages, enabling client-side code execution. Affects Hestiacp deployments where untrusted input is echoed in the U...
CVE-2022-0986
CVE-2022-0986 is a Reflected Cross-site Scripting (XSS) vulnerability affecting hestiacp/hestiacp prior to 1.5.11. Several connected sources describe a reflected XSS in the Hostname field of the Configure Server -> Basic Options flow, enabling an attacker to potentially steal a user’s cookie a...
CVE-2022-1509
CVE-2022-1509 is a command injection vulnerability in hestiacp/hestiacp prior to 1.5.12. Connected docs describe authenticated, low-privilege remote exploit paths that leverage Sed injection via several v-change-* scripts (ns, theme, config-value, etc.) to execute arbitrary code with root privile...
CVE-2020-10966
Summary (CVE-2020-10966): The vulnerability affects Vesta Control Panel and Hestia Control Panel Password Reset Module. Through versions VestaCP up to 0.9.8-25 (and Hestia up to 1.1.1), an attacker can manipulate the Host header to cause an account takeover, as the reset URL delivered to the vict...
CVE-2022-0753
The CVE-2022-0753 entry describes a reflected Cross-site Scripting (XSS) in hestiacp/hestiacp before version 1.5.9. The root cause is an unprocessed user-controlled GET parameter (domain) in index.php, which enables an attacker to inject malicious JavaScript, potentially steal cookies, and gain u...
CVE-2022-0752
The CVE-2022-0752 entry describes a Cross-site Scripting (XSS) vulnerability in hestiacp/hestiacp related to improper handling of user input. Affected software is hestiacp/hestiacp prior to version 1.5.9 (with some sources noting impact up to 1.5.10). Root cause: failure to securely sanitize/esca...
CVE-2022-2626
CVE-2022-2626 affects hestiacp/hestiacp prior to 1.6.6. The issue is incorrect privilege assignment that can escalate privileges (admin user) to root due to sudo rights, enabling unauthorized actions with high impact. Reported details indicate the admin account can run root-level commands via sud...
CVE-2022-2636
CVE-2022-2636 affects hestiacp/hestiacp before 1.6.6. The vulnerability arises from improper validation in the code that handles generation of redirects, enabling crafted inputs to inject or modify code executed by the web server. Public details include a PoC showing a payload placed in the redir...
CVE-2023-3479
CVE-2023-3479 affects Hestiacp
CVE-2022-2550
CVE-2022-2550 : OS Command Injection in the GitHub repository hestiacp/hestiacp prior to 1.6.5. The Red Hat/NVD/CVE records, Huntr advisory, and PT-Security note describe an OS command injection vulnerability in the HestiaCP project, stemming from the DokuWiki installation flow (DokuWikiSetup.php...
CVE-2021-27231
CVE-2021-27231 affects Hestia Control Panel 1.3.5 and below in a shared-hosting environment. The vulnerability allows remote authenticated users to create a subdomain for a different customer’s domain name, leading to spoofing of services or email messages. The provided documents describe the iss...
CVE-2021-30071
The CVE-2021-30071 entry describes a cross-site scripting (XSS) vulnerability in HestiaCP, specifically in the /admin/list_key.html endpoint, affecting versions before 1.3.5. The issue allows an attacker to inject arbitrary web scripts or HTML via a crafted payload. Public sources in the connecte...
CVE-2023-5839
CVE-2023-5839 affects hestiacp/hestiacp prior to 1.8.9. Connected sources describe a local privilege escalation (privilege chaining) vulnerability exposed by PHP-FPM configuration: an attacker can leverage separate fpm listeners (admin vs www-data), access the admin Unix socket, and execute comma...
CVE-2021-3797
The CVE-2021-3797 entry for hestiacp has concrete technical details in connected data: in huntr’s description of hestiacp/hestiacp, a CSRF token check uses the != operator to compare $_SESSION["token"] with $_GET["token"] in index.php. This type juggling can bypass the CSRF token, enabling CSRF a...