Cross-Site Scripting Vulnerability in Vesta from Serghey Rodin
CVE-2022-34025

6.1MEDIUM

Key Information:

Vendor: Vestacp
Status: Vesta Control Panel
Vendor: CVE Published:; 19 July 2022

What is CVE-2022-34025?

Vesta, a web application developed by Serghey Rodin, has been identified with a cross-site scripting (XSS) vulnerability. This issue arises specifically in version 1.0.0-5 and can be exploited through the post function located at /web/api/v1/upload/UploadHandler.php. Attackers could leverage this vulnerability to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access and data theft. Developers and users of Vesta are strongly advised to apply security patches and updates to mitigate this risk.

References

https://github.com/serghey-rodin/vesta/issues/2252

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Jun 20, 2022

JSON

Vestacp

What is CVE-2022-34025?

References

CVSS V3.1

Timeline