CVE-2022-2626 – Incorrect Privilege Assignment in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2022-2626
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. • https://github.com/hestiacp/hestiacp/commit/b178b9719bb2c98cf8a6db70065086f596afad81 https://huntr.dev/bounties/704aacc9-edff-4da5-90a6-4adf8dbf36fe • CWE-266: Incorrect Privilege Assignment
CVE-2022-2550 – OS Command Injection in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2022-2550
OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. • https://github.com/hestiacp/hestiacp/commit/3d4c309cf138943cfd1e71ae51556406987aa4bf https://huntr.dev/bounties/6ab4384d-bcbe-4d98-bf67-35c3535fc5c7 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-1509 – Command Injection Vulnerability in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2022-1509
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. • https://github.com/hestiacp/hestiacp/commit/d50f95cf208049dfb6ac67a8020802121745bd60 https://huntr.dev/bounties/09e69dff-f281-4e51-8312-ed7ab7606338 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-0986 – Reflected Cross-site Scripting (XSS) Vulnerability in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2022-0986
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. • https://github.com/hestiacp/hestiacp/commit/fd42196718a6fa7fe17b37fab0933d3cbcb3db0d https://huntr.dev/bounties/57635c78-303f-412f-b75a-623df9fa9edd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0752 – Cross-site Scripting (XSS) - Generic in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2022-0752
Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. • https://github.com/hestiacp/hestiacp/commit/ee10e2275139684fc9a2d32169d0da702cea5ad2 https://huntr.dev/bounties/49940dd2-72c2-4607-857a-1fade7e8f080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')