Vesta Control Panel Security Vulnerabilities and Issues — Vesta Control Panel CVE List

Lucene search

VestacpVesta Control Panel

5 matches found

CVE•added 2022/07/19 7:15 p.m.•428 views

CVE-2022-34025

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.

6.1CVSS6AI score0.00218EPSS

CVE•added 2022/07/19 7:15 p.m.•384 views

CVE-2022-36303

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php.

6.1CVSS6AI score0.00218EPSS

CVE•added 2022/07/19 7:15 p.m.•316 views

CVE-2022-36305

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php.

6.1CVSS6AI score0.00218EPSS

CVE•added 2022/07/19 7:15 p.m.•302 views

CVE-2022-36304

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php.

6.1CVSS6AI score0.00218EPSS

CVE•added 2022/10/24 2:15 p.m.•56 views

CVE-2021-46850

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.

7.2CVSS7.5AI score0.18623EPSS