CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5839 – Privilege Chaining in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2023-5839
Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. Encadenamiento de privilegios en el repositorio de GitHub hestiacp/hestiacp antes de 1.8.9. • https://github.com/hestiacp/hestiacp/commit/acb766e1db53de70534524b3fbc2270689112630 https://huntr.com/bounties/21125f12-64a0-42a3-b218-26b9945a5bc0 • CWE-268: Privilege Chaining •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3479 – Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2023-3479
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. • https://github.com/hestiacp/hestiacp/commit/2326aa525a7ba14513af783f29cb5e62a476e67a https://huntr.dev/bounties/6ac5cf87-6350-4645-8930-8f2876427723 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3967 – Vesta Control Panel sed main.sh argument injection
https://notcve.org/view.php?id=CVE-2022-3967
A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is 39561c32c12cabe563de48cc96eccb9e2c655e25. • https://github.com/serghey-rodin/vesta/commit/39561c32c12cabe563de48cc96eccb9e2c655e25 https://vuldb.com/?id.213546 • CWE-707: Improper Neutralization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30071
https://notcve.org/view.php?id=CVE-2021-30071
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo /admin/list_key.html de HestiaCP versiones anteriores a v1.3.5, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada. • https://github.com/hestiacp/hestiacp/commit/706314c12872c7607e96a73dfc77dbbddad2875e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2636 – Code Injection in hestiacp/hestiacp
https://notcve.org/view.php?id=CVE-2022-2636
Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. Una Comprobación de Entrada Inapropiada en el repositorio de GitHub hestiacp/hestiacp versiones anteriores a 1.6.6 • https://github.com/hestiacp/hestiacp/commit/b178b9719bb2c98cf8a6db70065086f596afad81 https://huntr.dev/bounties/357c0390-631c-4684-b6e1-a6d8b2453d66 • CWE-94: Improper Control of Generation of Code ('Code Injection') •