Cross-Site Scripting Vulnerability in Vesta by Serghey Rodin
CVE-2022-36303

6.1MEDIUM

Key Information:

Vendor: Vestacp
Status: Vesta Control Panel
Vendor: CVE Published:; 19 July 2022

What is CVE-2022-36303?

Vesta, a popular web management tool maintained by Serghey Rodin, has been identified with a vulnerability that allows for Cross-Site Scripting (XSS). This security issue arises in the handle_file_upload function found in the UploadHandler.php file, specifically for versions v1.0.0 to v5. Attackers could exploit this vulnerability to execute arbitrary scripts in the context of users' browsers, potentially leading to unauthorized actions and data exposure.

References

https://github.com/serghey-rodin/vesta/issues/2252

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Jul 19, 2022

CVE-2022-36303 Data

JSON

Vestacp

What is CVE-2022-36303?

References

CVSS V3.1

Timeline