Known Vulnerabilities for products from Hestiacp
Listed below are 17 of the newest known vulnerabilities associated with the vendor "Hestiacp".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-43634 json | Not Provided | 2026-05-19 | 2026-05-19 | |
| CVE-2026-43633 json | Not Provided | 2026-05-19 | 2026-05-19 | |
| CVE-2023-5839 json | Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9. | 7.8 - HIGH | 2023-10-29 | 2023-11-08 |
| CVE-2023-5084 json | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8. | 6.1 - MEDIUM | 2023-09-20 | 2024-02-01 |
| CVE-2023-4517 json | Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6. | 5.4 - MEDIUM | 2023-10-13 | 2023-10-17 |
| CVE-2023-3479 json | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. | 6.1 - MEDIUM | 2023-06-30 | 2023-07-06 |
| CVE-2022-2636 json | Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6. | 8.8 - HIGH | 2022-08-05 | 2023-07-12 |
| CVE-2022-2626 json | Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. | 7.2 - HIGH | 2022-08-05 | 2022-08-08 |
| CVE-2022-2550 json | OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1.6.5. | 8.8 - HIGH | 2022-07-27 | 2022-08-02 |
| CVE-2022-1509 json | Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low... | 8.8 - HIGH | 2022-04-28 | 2022-05-06 |
| CVE-2022-0986 json | Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. | 6.1 - MEDIUM | 2022-03-16 | 2022-03-22 |
| CVE-2022-0838 json | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. | 6.1 - MEDIUM | 2022-03-04 | 2022-03-10 |
| CVE-2022-0753 json | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. | 6.1 - MEDIUM | 2022-03-03 | 2022-03-09 |
| CVE-2022-0752 json | Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. | 6.1 - MEDIUM | 2022-03-04 | 2022-03-10 |
| CVE-2021-30071 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-08-18 | 2022-10-24 |
| CVE-2021-30070 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-08-18 | 2022-08-19 |
| CVE-2021-27231 json | Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create ... | 5.4 - MEDIUM | 2021-02-16 | 2021-06-03 |
| CVE-2021-3797 json | hestiacp is vulnerable to Use of Wrong Operator in String Comparison | 9.8 - CRITICAL | 2021-09-15 | 2021-09-27 |
| CVE-2020-10966 json | In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manip... | 6.5 - MEDIUM | 2020-03-25 | 2022-07-12 |
Known software with vulnerabilities from Hestiacp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Hestiacp | Control Panel | - |