Outroll
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-25117 | Cri | 0.53 | — | 0.00 | Oct 15, 2025 | VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a… | ||
| CVE-2022-36303 | 0.00 | — | 0.00 | Jul 19, 2022 | Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php. | |||
| CVE-2021-43693 | 0.00 | — | 0.01 | Nov 29, 2021 | vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php. | |||
| CVE-2019-9841 | 0.00 | — | 0.01 | Apr 19, 2019 | Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL. | |||
| CVE-2018-1000884 | 0.00 | — | 0.01 | Dec 20, 2018 | Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to… |
- risk 0.53cvss —epss 0.00
VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a…
- CVE-2022-36303Jul 19, 2022risk 0.00cvss —epss 0.00
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php.
- CVE-2021-43693Nov 29, 2021risk 0.00cvss —epss 0.01
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.
- CVE-2019-9841Apr 19, 2019risk 0.00cvss —epss 0.01
Vesta Control Panel 0.9.8-23 allows XSS via a crafted URL.
- CVE-2018-1000884Dec 20, 2018risk 0.00cvss —epss 0.01
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to…