CVE-2023-5839 – Privilege Chaining in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2023-5839
Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. • https://github.com/hestiacp/hestiacp/commit/acb766e1db53de70534524b3fbc2270689112630 https://huntr.com/bounties/21125f12-64a0-42a3-b218-26b9945a5bc0 • CWE-268: Privilege Chaining
CVE-2023-3479 – Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2023-3479
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. • https://github.com/hestiacp/hestiacp/commit/2326aa525a7ba14513af783f29cb5e62a476e67a https://huntr.dev/bounties/6ac5cf87-6350-4645-8930-8f2876427723 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-30071
https://notcve.org/view.php?id=CVE-2021-30071
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. • https://github.com/hestiacp/hestiacp/commit/706314c12872c7607e96a73dfc77dbbddad2875e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-2636 – Code Injection in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2022-2636
Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. • https://github.com/hestiacp/hestiacp/commit/b178b9719bb2c98cf8a6db70065086f596afad81 https://huntr.dev/bounties/357c0390-631c-4684-b6e1-a6d8b2453d66 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2022-2626 – Incorrect Privilege Assignment in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2022-2626
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. • https://github.com/hestiacp/hestiacp/commit/b178b9719bb2c98cf8a6db70065086f596afad81 https://huntr.dev/bounties/704aacc9-edff-4da5-90a6-4adf8dbf36fe • CWE-266: Incorrect Privilege Assignment