Filtered by vendor Hestiacp Subscriptions
Filtered by product Hestiacp Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5084 1 Hestiacp 1 Hestiacp 2024-12-03 3.9 Low
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.
CVE-2023-4517 1 Hestiacp 1 Hestiacp 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.
CVE-2023-3479 1 Hestiacp 2 Control Panel, Hestiacp 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.
CVE-2021-30070 1 Hestiacp 1 Hestiacp 2024-11-21 7.5 High
An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.