4 vulnerabilities found for VestaCP by VestaCP
CVE-2020-36948 (GCVE-0-2020-36948)
Vulnerability from nvd – Published: 2026-01-27 15:23 – Updated: 2026-03-05 01:27
VLAI
Title
VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation
Summary
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.
Severity
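9.8 (Critical) under CVSS 3.1 (PR:N); the same record also carries a CVSS 4.0 score of 8.7 (High) with PR:L, so the two vectors disagree on whether an authenticated account is required.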
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49219 | exploit |
| https://vestacp.com/ | product |
| https://www.vulnerability-lab.com/get_content.php… | technical-description, exploit |
| https://www.vulnerability-lab.com/show.php?user=B… | vendor-advisory |
| https://www.vulncheck.com/advisories/vestacp-logi… | third-party-advisory |
Date Public
2020-11-26 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36948",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T21:07:57.516937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T21:36:26.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M."
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49219"
},
{
"tags": [
"exploit"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2240"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VestaCP",
"vendor": "VestaCP",
"versions": [
{
"status": "affected",
"version": "0.9.8-26"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-26:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vulnerability-Lab"
}
],
"datePublic": "2020-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:27:04.698Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49219",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49219"
},
{
"name": "VestaCP Official Homepage",
"tags": [
"product"
],
"url": "https://vestacp.com/"
},
{
"name": "Vulnerability Lab Advisory",
"tags": [
"technical-description",
"exploit"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2240"
},
{
"name": "Benjamin Kunz Mejri Profile",
"tags": [
"vendor-advisory"
],
"url": "https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M."
},
{
"name": "VulnCheck Advisory: VestaCP 0.9.8-26 - \u0027LoginAs\u0027 Insufficient Session Validation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/vestacp-loginas-insufficient-session-validation"
}
],
"title": "VestaCP 0.9.8-26 - \u0027LoginAs\u0027 Insufficient Session Validation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36948",
"datePublished": "2026-01-27T15:23:50.046Z",
"dateReserved": "2026-01-25T13:50:01.143Z",
"dateUpdated": "2026-03-05T01:27:04.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47873 (GCVE-0-2021-47873)
Vulnerability from nvd – Published: 2026-01-21 17:27 – Updated: 2026-03-05 01:29
VLAI
Title
VestaCP < 0.9.8-25 - Stored Cross-Site Scripting
Summary
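VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload. Note that the record's structured affected-version data (lessThanOrEqual / versionEndIncluding 0.9.8-25) also covers 0.9.8-25 itself, which conflicts with "prior to"; confirm the fixed version before treating 0.9.8-25 as unaffected.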
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49662 | exploit |
| https://vestacp.com | product |
| https://myvestacp.com | product |
| https://www.vulncheck.com/advisories/vestacp-stor… | third-party-advisory |
Impacted products
Date Public
2021-03-07 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47873",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T16:45:38.236142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:52:17.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VestaCP",
"vendor": "VestaCP",
"versions": [
{
"lessThanOrEqual": "0.9.8-25",
"status": "affected",
"version": "0.9.8",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vestacp:vesta_control_panel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.9.8-25",
"versionStartIncluding": "0.9.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Numan T\u00fcrle"
}
],
"datePublic": "2021-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the \u0027v_interface\u0027 parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:29:04.125Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49662",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49662"
},
{
"name": "VestaCP Official Vendor Homepage",
"tags": [
"product"
],
"url": "https://vestacp.com"
},
{
"name": "VestaCP Alternative Download Site",
"tags": [
"product"
],
"url": "https://myvestacp.com"
},
{
"name": "VulnCheck Advisory: VestaCP \u003c 0.9.8-25 - Stored Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/vestacp-stored-cross-site-scripting"
}
],
"title": "VestaCP \u003c 0.9.8-25 - Stored Cross-Site Scripting",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47873",
"datePublished": "2026-01-21T17:27:48.296Z",
"dateReserved": "2026-01-18T12:35:05.171Z",
"dateUpdated": "2026-03-05T01:29:04.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36948 (GCVE-0-2020-36948)
Vulnerability from cvelistv5 – Published: 2026-01-27 15:23 – Updated: 2026-03-05 01:27
VLAI
Title
VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation
Summary
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.
Severity
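9.8 (Critical) under CVSS 3.1 (PR:N); the same record also carries a CVSS 4.0 score of 8.7 (High) with PR:L, so the two vectors disagree on whether an authenticated account is required.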
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49219 | exploit |
| https://vestacp.com/ | product |
| https://www.vulnerability-lab.com/get_content.php… | technical-description, exploit |
| https://www.vulnerability-lab.com/show.php?user=B… | vendor-advisory |
| https://www.vulncheck.com/advisories/vestacp-logi… | third-party-advisory |
Date Public
2020-11-26 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36948",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T21:07:57.516937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T21:36:26.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M."
},
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49219"
},
{
"tags": [
"exploit"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2240"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VestaCP",
"vendor": "VestaCP",
"versions": [
{
"status": "affected",
"version": "0.9.8-26"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vestacp:vesta_control_panel:0.9.8-26:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vulnerability-Lab"
}
],
"datePublic": "2020-11-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:27:04.698Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49219",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49219"
},
{
"name": "VestaCP Official Homepage",
"tags": [
"product"
],
"url": "https://vestacp.com/"
},
{
"name": "Vulnerability Lab Advisory",
"tags": [
"technical-description",
"exploit"
],
"url": "https://www.vulnerability-lab.com/get_content.php?id=2240"
},
{
"name": "Benjamin Kunz Mejri Profile",
"tags": [
"vendor-advisory"
],
"url": "https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M."
},
{
"name": "VulnCheck Advisory: VestaCP 0.9.8-26 - \u0027LoginAs\u0027 Insufficient Session Validation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/vestacp-loginas-insufficient-session-validation"
}
],
"title": "VestaCP 0.9.8-26 - \u0027LoginAs\u0027 Insufficient Session Validation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36948",
"datePublished": "2026-01-27T15:23:50.046Z",
"dateReserved": "2026-01-25T13:50:01.143Z",
"dateUpdated": "2026-03-05T01:27:04.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47873 (GCVE-0-2021-47873)
Vulnerability from cvelistv5 – Published: 2026-01-21 17:27 – Updated: 2026-03-05 01:29
VLAI
Title
VestaCP < 0.9.8-25 - Stored Cross-Site Scripting
Summary
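VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload. Note that the record's structured affected-version data (lessThanOrEqual / versionEndIncluding 0.9.8-25) also covers 0.9.8-25 itself, which conflicts with "prior to"; confirm the fixed version before treating 0.9.8-25 as unaffected.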
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49662 | exploit |
| https://vestacp.com | product |
| https://myvestacp.com | product |
| https://www.vulncheck.com/advisories/vestacp-stor… | third-party-advisory |
Impacted products
Date Public
2021-03-07 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47873",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T16:45:38.236142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:52:17.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VestaCP",
"vendor": "VestaCP",
"versions": [
{
"lessThanOrEqual": "0.9.8-25",
"status": "affected",
"version": "0.9.8",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vestacp:vesta_control_panel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.9.8-25",
"versionStartIncluding": "0.9.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Numan T\u00fcrle"
}
],
"datePublic": "2021-03-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the \u0027v_interface\u0027 parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:29:04.125Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49662",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49662"
},
{
"name": "VestaCP Official Vendor Homepage",
"tags": [
"product"
],
"url": "https://vestacp.com"
},
{
"name": "VestaCP Alternative Download Site",
"tags": [
"product"
],
"url": "https://myvestacp.com"
},
{
"name": "VulnCheck Advisory: VestaCP \u003c 0.9.8-25 - Stored Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/vestacp-stored-cross-site-scripting"
}
],
"title": "VestaCP \u003c 0.9.8-25 - Stored Cross-Site Scripting",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47873",
"datePublished": "2026-01-21T17:27:48.296Z",
"dateReserved": "2026-01-18T12:35:05.171Z",
"dateUpdated": "2026-03-05T01:29:04.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}