Hestiacp: Security Vulnerabilities
Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9.
CVSS Score: 8.8 | EPSS Score: 0.0 | Published: 2023-10-29
Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.
CVSS Score: 3.2 | EPSS Score: 0.001 | Published: 2023-10-13
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.
CVSS Score: 3.9 | EPSS Score: 0.0 | Published: 2023-09-20
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
CVSS Score: 4.3 | EPSS Score: 0.168 | Published: 2023-06-30
An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2022-08-18
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2022-08-18
Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6.
CVSS Score: 8.5 | EPSS Score: 0.001 | Published: 2022-08-05
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.
CVSS Score: 9.1 | EPSS Score: 0.001 | Published: 2022-08-05
OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.
CVSS Score: 9.9 | EPSS Score: 0.293 | Published: 2022-07-27
Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
CVSS Score: 9.9 | EPSS Score: 0.017 | Published: 2022-04-28