CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-10966
https://notcve.org/view.php?id=CVE-2020-10966
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. En el Password Reset Module en VESTA Control Panel versiones hasta 0.9.8-25 y Hestia Control Panel versiones hasta 1.1.0, la manipulación del encabezado Host conlleva a la toma de control de la cuenta porque la víctima recibe un URL de restablecimiento que contiene un nombre de servidor controlado por el atacante. • https://github.com/hestiacp/hestiacp/issues/748 https://github.com/hestiacp/hestiacp/releases/tag/1.1.1 https://github.com/serghey-rodin/vesta/commit/c3c4de43d6701560f604ca7996f717b08e3d7d1d •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12792
https://notcve.org/view.php?id=CVE-2019-12792
A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root. Una vulnerabilidad de inyección de comandos en el archivo UploadHandler.php en Vesta Control Panel versión 0.9.8-24, permite a los atacantes remotos escalar desde usuarios registrados habituales hacia root. • https://cardaci.xyz/advisories/2019/08/12/vesta-control-panel-0.9.8-24-privilege-escalation-in-the-upload-handler https://github.com/serghey-rodin/vesta/issues/1921 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12791
https://notcve.org/view.php?id=CVE-2019-12791
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form. Una vulnerabilidad de salto de directorio en el script v-list-user en Vesta Control Panel versión 0.9.8-24, permite a los atacantes remotos escalar desde usuarios registrados habituales hacia root por medio del formulario de restablecimiento de contraseña. • https://cardaci.xyz/advisories/2019/08/12/vesta-control-panel-0.9.8-24-privilege-escalation-in-the-password-reset-form https://github.com/serghey-rodin/vesta/issues/1921 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9841
https://notcve.org/view.php?id=CVE-2019-9841
Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. Vesta Control Panel versión 0.9.8-23 permite XSS mediante una URL creada. • https://cardaci.xyz/advisories/2019/04/15/vesta-control-panel-0.9.8-23-reflected-xss-in-file-manager-api https://forum.vestacp.com/viewtopic.php?f=25&t=18599&sid=fc1a48fd2f43815b2dc69c3f64caed36 https://github.com/serghey-rodin/vesta/commit/c28c5d29a3c61bc8110c11349e3f2309cd537cfa • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-18547 – VestaCP 0.9.8-22 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-18547
Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. Vesta Control Panel hasta la versión 0.9.8-22 tiene Cross-Site Scripting (XSS) mediante el parámetro domain en edit/web/, el parámetro backup en list/backup/, el parámetro period en list/rrd/, el parámetro dir_a en list/directory/ o el nombre de archivo en el URI list/directory/. VestaCP versions 0.9.8-22 and below suffer from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/149897/VestaCP-0.9.8-22-Cross-Site-Scripting.html https://numanozdemir.com/vesta-vulns.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •