Handler on Duty: Xavier Mertens
Threat Level: green
Published | 2022-08-18 05:15:00 |
---|---|
Last Modified | 2022-08-19 16:03:00 |
AKA | CVE-2021-30071 |
Summary | A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
CVSS Score | 4.3 |
Access Vector | Local | Adjacent | Network |
---|---|---|---|
Access Complexity | Low | Medium | High |
Authentication | None | Single | Multiple |
Confidentiality | None | Partial | Complete |
Integrity | None | Partial | Complete |
Availability | None | Partial | Complete |