R0Xen

#43711 of 53,630
6.1 Total CVSS
Vulnerabilities · 1
PT-2018-10053
6.1
2018-05-06
Vesta · Vesta Control Panel · CVE-2018-10686
**Name of the Vulnerable Software and Affected Versions**

Vesta Control Panel version 0.9.8-20

**Description**

An issue was discovered that allows reflected XSS via the `path` variable in the `view/file/index.php` URI. This can potentially lead to remote PHP code execution through vectors involving a `file_put_contents` call in `web/upload/UploadHandler.php`.

**Recommendations**

For Vesta Control Panel version 0.9.8-20, consider restricting access to the `view/file/index.php` URI and limiting the use of the `file_put_contents` function in `web/upload/UploadHandler.php` to minimize the risk of exploitation. Additionally, validate and sanitize the `path` variable to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.