VYPR
Vendor

Serghey Rodin

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2022-36305MedJul 19, 2022
    risk 0.40cvss 6.1epss 0.00

    Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php.

  • CVE-2022-36304MedJul 19, 2022
    risk 0.40cvss 6.1epss 0.00

    Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php.

  • CVE-2022-36303MedJul 19, 2022
    risk 0.40cvss 6.1epss 0.00

    Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php.

  • CVE-2022-34025MedJul 19, 2022
    risk 0.40cvss 6.1epss 0.00

    Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.

  • CVE-2022-3967MedNov 13, 2022
    risk 0.00cvss 5.3epss 0.00

    A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch…

  • CVE-2020-10966MedMar 25, 2020
    risk 0.00cvss 6.5epss 0.02

    In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name.

  • CVE-2018-1000884CriDec 20, 2018
    risk 0.00cvss 9.8epss 0.01

    Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to…