Hestiacp Hestiacp vulnerabilities
13 known vulnerabilities affecting hestiacp/hestiacp_hestiacp.
Total CVEs: 13
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 5, MEDIUM 7
Vulnerabilities
CVE-2022-2550 | P2 | HIGH | CVSS 8.8 | CWE-78 | ≥ unspecified, < 1.6.5 | 2022-07-27
OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.
nvd
CVE-2022-1509 | P2 | HIGH | CVSS 8.8 | CWE-77 | ≥ unspecified, < 1.5.12 | 2022-04-28
Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
nvd
CVE-2023-3479 | P3 | MEDIUM | CVSS 6.1 | PoC | CWE-79 | ≥ unspecified, < 1.7.8 | 2023-06-30
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
nvd
CVE-2022-2636 | P3 | HIGH | CVSS 8.8 | CWE-94 | ≥ unspecified, < 1.6.6 | 2022-08-05
Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6.
nvd
CVE-2021-3797 | P3 | CRITICAL | CVSS 9.8 | CWE-597 | ≥ unspecified, ≤ 1.4.13 | 2021-09-15
hestiacp is vulnerable to Use of Wrong Operator in String Comparison
nvd
CVE-2022-2626 | P3 | HIGH | CVSS 7.2 | CWE-266 | ≥ unspecified, < 1.6.6 | 2022-08-05
Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.
nvd
CVE-2023-5839 | P3 | HIGH | CVSS 7.8 | CWE-268 | ≥ unspecified, < 1.8.9 | 2023-10-29
Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9.
nvd
CVE-2022-0838 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 1.5.10 | 2022-03-04
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10.
nvd
CVE-2022-0752 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 1.5.9 | 2022-03-04
Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.
nvd
CVE-2022-0986 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 1.5.11 | 2022-03-16
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.
nvd
CVE-2022-0753 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 1.5.9 | 2022-03-03
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.
nvd
CVE-2023-5084 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 1.8.8 | 2023-09-20
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.
nvd
CVE-2023-4517 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 1.8.6 | 2023-10-13
Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.
nvd