Hestiacp: >> Control Panel >> 0.9.8-28 Security Vulnerabilities
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.
CVSS Score
3.5
EPSS Score
0.003
Published
2022-03-03
hestiacp is vulnerable to Use of Wrong Operator in String Comparison
CVSS Score
4.8
EPSS Score
0.004
Published
2021-09-15
Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-02-16
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-03-25
Page 2