Search Results | AttackerKB

A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2021-30070

Disclosure Date: August 18, 2022 (last updated October 08, 2023)

An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2022-2636

Disclosure Date: August 05, 2022 (last updated October 08, 2023)

Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2022-2626

Disclosure Date: August 05, 2022 (last updated October 08, 2023)

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.

Attack Vector: Network Privileges: High User Interaction: None

Attacker Value

Unknown

CVE-2022-2550

Disclosure Date: July 27, 2022 (last updated October 07, 2023)

OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2022-1509

Disclosure Date: April 28, 2022 (last updated August 30, 2024)

Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.

Attack Vector: Network Privileges: Low User Interaction: None

17 Total Results

Displaying 1-10 of 17

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification