Reflected Cross-site Scripting (XSS) Vulnerability in hestiacp/hestiacp
Mar 9th 2022
Hestia Control Panel (hestiacp) is vulnerable to reflected XSS in the Hostname field under Basic Options of the "Configure Server" function: the submitted hostname is reflected back into the page without output encoding.
Proof of Concept
(1) Access https://demo.hestiacp.com:8083/edit/server/
(2) Click "Configure"
(3) Click Basic Options
(4) Enter the payload below in the Hostname field and click Save
"><img src=x onerror=alert(document.domain)>
An attacker-controlled alert box appears before the error dialog returned by the server.
This vulnerability could let an attacker steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie.
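A defender-side illustration of the fix, added here and not HestiaCP's own code: a hostname validator rejects the payload above outright, and the field is re-rendered only through HTML attribute escaping, so even a rejected value cannot break out of the value attribute. The function names and the form field name are assumptions.

```python
import html
import re

# RFC 1123 hostname: labels of letters, digits and hyphens that do not start or
# end with a hyphen, joined by dots, at most 253 characters overall.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?:{LABEL}\.)*{LABEL}$")

# The advisory's payload, used here as a constructed test input.
PAYLOAD = '"><img src=x onerror=alert(document.domain)>'


def is_valid_hostname(value: str) -> bool:
    """Allow-list validation: anything outside the hostname grammar is rejected."""
    if not value or len(value) > 253:
        return False
    return HOSTNAME_RE.fullmatch(value) is not None


def render_hostname_field_unsafe(submitted: str) -> str:
    """Vulnerable pattern for comparison: the value is interpolated raw, so a
    leading quote closes the attribute and the rest becomes a new tag."""
    return '<input type="text" name="hostname" value="%s">' % submitted


def render_hostname_field(submitted: str) -> str:
    """Hardened pattern (hypothetical helper): HTML-escape the value, including
    quotes, before placing it inside the attribute."""
    return '<input type="text" name="hostname" value="%s">' % html.escape(
        submitted, quote=True
    )


def handle_hostname_submission(submitted: str) -> dict:
    """Validate first; whether accepted or rejected, reflect only the escaped form."""
    field_html = render_hostname_field(submitted)
    if not is_valid_hostname(submitted):
        return {"ok": False, "error": "Invalid hostname", "field_html": field_html}
    return {"ok": True, "error": None, "field_html": field_html}
```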