CVE-2018-18547

Name of the Vulnerable Software and Affected Versions Vesta Control Panel versions prior to 0.9.8-22

Description The issue allows for XSS attacks through various parameters, including the domain parameter in the "edit/web/" endpoint, the backup parameter in the "list/backup/" endpoint, the period parameter in the "list/rrd/" endpoint, the dir a parameter in the "list/directory/" endpoint, or the filename to the "list/directory/" URI.

Recommendations For Vesta Control Panel versions prior to 0.9.8-22, consider updating to a version that addresses this issue. As a temporary workaround, restrict access to the affected endpoints, such as "edit/web/", "list/backup/", "list/rrd/", and "list/directory/", to minimize the risk of exploitation. Avoid using the vulnerable parameters, such as domain, backup, period, dir a, and filename, in the affected endpoints until the issue is resolved.