CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4517 – Cross-site Scripting (XSS) - Stored in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2023-4517
Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6. Cross-Site Scripting (XSS) Almacenado en el repositorio de GitHub hestiacp/hestiacp antes de 1.8.6. • https://github.com/hestiacp/hestiacp/commit/d30e3edbca5915235643e46ab222cb7aed9b319a https://huntr.dev/bounties/508d1d21-c45d-47ff-833f-50c671882e51 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5084 – Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2023-5084
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8. Cross-Site Scripting (XSS): Reflejadas en el repositorio de GitHub hestiacp/hestiacp antes de 1.8.8. • https://github.com/hestiacp/hestiacp/pull/4013/commits/5131f5a966759df77477fdf7f29daa2bda93b1ff https://huntr.dev/bounties/f3340570-6e59-4c72-a7d1-d4b829b4fb45 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30070
https://notcve.org/view.php?id=CVE-2021-30070
An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager. Se ha detectado un problema en HestiaCP versiones anteriores a 1.3.5. Los atacantes pueden instalar paquetes arbitrariamente debido a valores tomados del parámetro pgk [] en la petición de actualización que es transmitida al administrador de paquetes del sistema operativo. • https://github.com/hestiacp/hestiacp/commit/27556a9a43aeaf308b33be224c2e70f2011574e6 https://github.com/hestiacp/hestiacp/commit/9a1fccd37f2842fdf96ffb48895c4bfa9788c469 •