cvebase

Hestiacp Hestiacp vulnerabilities

13 known vulnerabilities affecting hestiacp/hestiacp_hestiacp.

Total CVEs: 13
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 5, MEDIUM 7

Vulnerabilities

CVE-2022-2550 | P2 | HIGH | CVSS 8.8 | ≥ unspecified, < 1.6.5 | 2022-07-27
CWE-78: OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5.
Source: NVD

CVE-2022-1509 | P2 | HIGH | CVSS 8.8 | ≥ unspecified, < 1.5.12 | 2022-04-28
CWE-77: Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
Source: NVD

CVE-2023-3479 | P3 | MEDIUM | CVSS 6.1 | PoC | ≥ unspecified, < 1.7.8 | 2023-06-30
CWE-79: Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
Source: NVD

CVE-2022-2636 | P3 | HIGH | CVSS 8.8 | ≥ unspecified, < 1.6.6 | 2022-08-05
CWE-94: Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6.
Source: NVD

CVE-2021-3797 | P3 | CRITICAL | CVSS 9.8 | ≥ unspecified, ≤ 1.4.13 | 2021-09-15
CWE-597: hestiacp is vulnerable to Use of Wrong Operator in String Comparison.
Source: NVD

CVE-2022-2626 | P3 | HIGH | CVSS 7.2 | ≥ unspecified, < 1.6.6 | 2022-08-05
CWE-266: Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.
Source: NVD

CVE-2023-5839 | P3 | HIGH | CVSS 7.8 | ≥ unspecified, < 1.8.9 | 2023-10-29
CWE-268: Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9.
Source: NVD

CVE-2022-0838 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 1.5.10 | 2022-03-04
CWE-79: Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10.
Source: NVD

CVE-2022-0752 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 1.5.9 | 2022-03-04
CWE-79: Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.
Source: NVD

CVE-2022-0986 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 1.5.11 | 2022-03-16
CWE-79: Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.
Source: NVD

CVE-2022-0753 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 1.5.9 | 2022-03-03
CWE-79: Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.
Source: NVD

CVE-2023-5084 | P4 | MEDIUM | CVSS 6.1 | ≥ unspecified, < 1.8.8 | 2023-09-20
CWE-79: Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.
Source: NVD

CVE-2023-4517 | P4 | MEDIUM | CVSS 5.4 | ≥ unspecified, < 1.8.6 | 2023-10-13
CWE-79: Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.
Source: NVD