CVE-2019-9841
published 2019-04-19
CVE-2019-9841: Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.
Priority: P427 · medium · 6.1 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.32% (67.4th percentile)
Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | drupal | — | — |
| vestacp | control_panel | — | — |
CVSS provenance
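| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |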
GHSA
GHSA-fxq8-589v-pw8p: Vesta Control Panel 0
ghsa_unreviewed·2022-05-24
CVE-2019-9841 [MEDIUM] CWE-79 GHSA-fxq8-589v-pw8p: Vesta Control Panel 0
Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.
Drupal
Various Third-Party Vulnerabilities - PSA-2019-09-04
vendor_drupal·2019-09-04·CVSS 9.8
CVE-2017-9841 [CRITICAL] Various Third-Party Vulnerabilities - PSA-2019-09-04
Title: Various Third-Party Vulnerabilities - PSA-2019-09-04
Vulnerability Type: Various Third-Party Vulnerabilities
Description: In June of 2011, the Drupal Security Team issued Public Service Advisory PSA-2011-002 - External libraries and plugins. 8 years later that is still the policy of the Drupal Security team. As Drupal core and modules leverage third-party code more and more it seems like an important time to remind site owners that they are responsible for monitoring security of third-party libraries. Here is the advice from 2011 which is even more relevant today: Just like there's a need to diligently follow announcements and update contributed modules downloaded from Drupal.org, there's also a need to follow announcements by vendors of third-party libraries or plugins that are
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://cardaci.xyz/advisories/2019/04/15/vesta-control-panel-0.9.8-23-reflected-xss-in-file-manager-api/
https://forum.vestacp.com/viewtopic.php?f=25&t=18599&sid=fc1a48fd2f43815b2dc69c3f64caed36
https://github.com/serghey-rodin/vesta/commit/c28c5d29a3c61bc8110c11349e3f2309cd537cfa
2019-04-19
Published