Primary

Context

VestaCP Cross-Site Scripting Vulnerability in IP Interface Configuration

Vulnerability

A stored cross-site scripting vulnerability has been identified in VestaCP versions prior to 0.9.8-25. This issue resides in the IP interface configuration, where attackers can inject malicious scripts. The vulnerability is exploited by sending a crafted POST request to the add/ip/ endpoint, targeting the 'v_interface' parameter with a stored XSS payload.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, send a POST request to the add/ip/ endpoint on the VestaCP interface. Include a payload in the 'v_interface' parameter that contains a script, such as a simple alert script. Once the request is processed, the injected script will be executed, demonstrating the cross-site scripting vulnerability.

Added: Jan 21, 2026, 7:06 PM

Updated: Jan 21, 2026, 7:06 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

2.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.7

exploitability

6.3

remediation

0.0

relevance

2.3

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

VestaCP Cross-Site Scripting Vulnerability in IP Interface Configuration

Vulnerability

Impact

Reproduction

Affected Products

VestaCP

myVesta

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating