First published: Tue Jul 19 2022
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vestacp Vesta Control Panel | =1.0.0-5 | |
The vulnerability ID for this vulnerability is CVE-2022-36304.
The severity of CVE-2022-36304 is medium with a CVSS score of 6.1.
Vesta Control Panel version 1.0.0-5 is affected by CVE-2022-36304.
The CWE ID for CVE-2022-36304 is CWE-79.
For more information on how to fix CVE-2022-36304, refer to the following link: [https://github.com/serghey-rodin/vesta/issues/2252](https://github.com/serghey-rodin/vesta/issues/2252).