CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5839 – Privilege Chaining in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2023-5839
Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. Encadenamiento de privilegios en el repositorio de GitHub hestiacp/hestiacp antes de 1.8.9. • https://github.com/hestiacp/hestiacp/commit/acb766e1db53de70534524b3fbc2270689112630 https://huntr.com/bounties/21125f12-64a0-42a3-b218-26b9945a5bc0 • CWE-268: Privilege Chaining •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4517 – Cross-site Scripting (XSS) - Stored in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2023-4517
Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6. Cross-Site Scripting (XSS) Almacenado en el repositorio de GitHub hestiacp/hestiacp antes de 1.8.6. • https://github.com/hestiacp/hestiacp/commit/d30e3edbca5915235643e46ab222cb7aed9b319a https://huntr.dev/bounties/508d1d21-c45d-47ff-833f-50c671882e51 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5084 – Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2023-5084
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8. Cross-Site Scripting (XSS): Reflejadas en el repositorio de GitHub hestiacp/hestiacp antes de 1.8.8. • https://github.com/hestiacp/hestiacp/pull/4013/commits/5131f5a966759df77477fdf7f29daa2bda93b1ff https://huntr.dev/bounties/f3340570-6e59-4c72-a7d1-d4b829b4fb45 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3479 – Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2023-3479
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. • https://github.com/hestiacp/hestiacp/commit/2326aa525a7ba14513af783f29cb5e62a476e67a https://huntr.dev/bounties/6ac5cf87-6350-4645-8930-8f2876427723 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30071
https://notcve.org/view.php?id=CVE-2021-30071
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo /admin/list_key.html de HestiaCP versiones anteriores a v1.3.5, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada. • https://github.com/hestiacp/hestiacp/commit/706314c12872c7607e96a73dfc77dbbddad2875e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •