Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2024-56236

Disclosure Date: January 02, 2025 (last updated January 03, 2025)
Missing Authorization vulnerability in Jakob Bouchard Hestia Nginx Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hestia Nginx Cache: from n/a through 2.4.0.
0
0
Attacker Value
Unknown

CVE-2024-37467

Disclosure Date: January 02, 2025 (last updated January 03, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in ThemeIsle Hestia allows Cross Site Request Forgery.This issue affects Hestia: from n/a through 3.1.2.
0
0
Attacker Value
Unknown

CVE-2023-4517

Disclosure Date: October 13, 2023 (last updated October 18, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2023-5084

Disclosure Date: September 20, 2023 (last updated October 10, 2023)
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-30070

Disclosure Date: August 18, 2022 (last updated October 08, 2023)
An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0