CVE-2022-0752
Published 2022-03-04
CVE-2022-0752: Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.
Priority P4 · 25 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.95% (56.9th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hestiacp | control_panel | < 1.5.9 | 1.5.9 |
| hestiacp | hestiacp_hestiacp | >= unspecified < 1.5.9 | 1.5.9 |
CVSS provenance
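| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 3.5 | LOW | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| cisa | | 7.5 | HIGH | |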
GHSA
GHSA-765r-hpgp-6cmv: Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1
ghsa_unreviewed·2022-03-05
CVE-2022-0752 [MEDIUM] CWE-79 GHSA-765r-hpgp-6cmv: Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1
Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.
CISA
Ruby on Rails Directory Traversal Vulnerability
cisa·2022-03-25·CVSS 7.5
CVE-2016-0752 [HIGH] CWE-22 Ruby on Rails Directory Traversal Vulnerability
Vulnerability: Ruby on Rails Directory Traversal Vulnerability
Affected: Rails Ruby on Rails
Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2016-0752
Remediation Due Date: 2022-04-15
CISA
Microsoft Internet Explorer Type Confusion Vulnerability
cisa·2022-02-15·CVSS 7.5
CVE-2019-0752 [HIGH] CWE-843 Microsoft Internet Explorer Type Confusion Vulnerability
Vulnerability: Microsoft Internet Explorer Type Confusion Vulnerability
Affected: Microsoft Internet Explorer
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-0752
Remediation Due Date: 2022-08-15
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-03-04
Published