CVE-2021-30071

hestiacp/hestiacp

on github

Published

August 18, 2022

Severity

CVSS v3:

6.1 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

References

https://github.com/hestiacp/hestiacp/commit/706314c12872c7607e96a73dfc77dbbddad2875e

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:hestiacp:hestiacp::::::::	n/a	1.3.5	*
cpe:2.3:a:hestiacp:control_panel::::::::	n/a	1.3.5	*

External Links

NVD - CVE-2021-30071