0.9.8.23

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-13	CVE-2022-3967	Improper Enforcement of Message or Data Structure vulnerability in Vestacp Control Panel A vulnerability, which was classified as critical, was found in Vesta Control Panel. local low complexity vestacp CWE-707	7.8
2022-10-24	CVE-2021-46850	Argument Injection or Modification vulnerability in Vestacp Control Panel and Vesta Control Panel myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. network low complexity vestacp CWE-88	7.2
2021-04-08	CVE-2021-30463	Link Following vulnerability in Vestacp Control Panel VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. local low complexity vestacp CWE-59	7.2
2020-03-25	CVE-2020-10966	In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name. network hestiacp vestacp	4.3
2019-04-19	CVE-2019-9841	Cross-site Scripting vulnerability in Vestacp Control Panel 0.9.823 Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. network vestacp CWE-79	4.3