CVE-2022-0752 – Cross-site Scripting (XSS) - Generic in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2022-0752
Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. • https://github.com/hestiacp/hestiacp/commit/ee10e2275139684fc9a2d32169d0da702cea5ad2 https://huntr.dev/bounties/49940dd2-72c2-4607-857a-1fade7e8f080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0838 – Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2022-0838
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. • https://github.com/hestiacp/hestiacp/commit/640f822d306ffb3eddf8ce2f46de75d7344283c1 https://huntr.dev/bounties/bd2fb1f1-cc8b-4ef7-8e2b-4ca686d8d614 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0753 – Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2022-0753
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. • https://github.com/hestiacp/hestiacp/commit/ee10e2275139684fc9a2d32169d0da702cea5ad2 https://huntr.dev/bounties/8ce4b776-1c53-45ec-bc5f-783077e2d324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3797 – Use of Wrong Operator in String Comparison in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2021-3797
hestiacp is vulnerable to Use of Wrong Operator in String Comparison. • https://github.com/hestiacp/hestiacp/commit/fc68baff4f94b59e38316f886d0ce47d337042f7 https://huntr.dev/bounties/c24fb15c-3c84-45c8-af04-a660f8da388f • CWE-597: Use of Wrong Operator in String Comparison
CVE-2021-30463
https://notcve.org/view.php?id=CVE-2021-30463
VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a /reset/?action=confirm&user=admin&code= URI. This occurs because chmod is used unsafely. • https://ssd-disclosure.com/ssd-advisory-vestacp-lpe-vulnerabilities • CWE-59: Improper Link Resolution Before File Access ('Link Following')