Vulnerabilities > Hestiacp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-13 | CVE-2023-4517 | Cross-site Scripting vulnerability in Hestiacp Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6. | 5.4 |
| 2023-09-20 | CVE-2023-5084 | Cross-site Scripting vulnerability in Hestiacp Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8. | 6.1 |
| 2023-06-30 | CVE-2023-3479 | Cross-site Scripting vulnerability in Hestiacp Control Panel Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. | 6.1 |
| 2022-08-18 | CVE-2021-30071 | Cross-site Scripting vulnerability in Hestiacp Control Panel A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 |
| 2022-03-16 | CVE-2022-0986 | Cross-site Scripting vulnerability in Hestiacp Control Panel Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. | 4.3 |
| 2022-03-04 | CVE-2022-0752 | Cross-site Scripting vulnerability in Hestiacp Control Panel Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. | 4.3 |
| 2022-03-04 | CVE-2022-0838 | Cross-site Scripting vulnerability in Hestiacp Control Panel Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. | 4.3 |
| 2022-03-03 | CVE-2022-0753 | Cross-site Scripting vulnerability in Hestiacp Control Panel Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. | 4.3 |
| 2021-02-16 | CVE-2021-27231 | Unspecified vulnerability in Hestiacp Control Panel Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages. | 5.5 |
| 2020-03-25 | CVE-2020-10966 | In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. | 4.3 |