CVE-2021-47873
Unknown Unknown - Not Provided
Stored XSS in VestaCP IP Interface Configuration Prior

Publication date: 2026-01-21

Last updated on: 2026-01-21

Assigner: VulnCheck

Description
VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-21
Last Modified
2026-01-21
Generated
2026-06-16
AI Q&A
2026-01-21
EPSS Evaluated
2026-06-14
NVD
CVE-2021-47873
EUVD
EUVD-2026-3630
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vestacp vestacp to 0.9.8-25 (exc)
myvesta myvesta 0.9.9-0-15
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47873 is a stored cross-site scripting (XSS) vulnerability in VestaCP versions prior to 0.9.8-25. It occurs in the IP interface configuration, specifically through the 'v_interface' parameter. An attacker can send a crafted POST request with a malicious script payload to the add/ip/ endpoint, which is not properly sanitized. This causes the malicious script to be stored and later executed in the context of the web application, potentially allowing attackers to run arbitrary JavaScript in users' browsers. [1, 2]

Impact Analysis

This vulnerability can allow attackers to execute arbitrary JavaScript in the context of the affected web application. This can lead to session hijacking, defacement, or other malicious actions such as stealing sensitive information or performing actions on behalf of the user without their consent. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring or capturing POST requests sent to the /add/ip/ endpoint of the VestaCP web interface and inspecting the 'v_interface' parameter for suspicious or malicious script payloads such as <script> tags. A practical approach is to use tools like curl or wget to send crafted POST requests with test payloads to see if the input is improperly sanitized and stored. For example, sending a POST request with a payload containing <script>alert(1)</script> in the 'v_interface' parameter and then checking if the script executes when viewing the IP interface configuration. Network monitoring tools or web application firewalls (WAF) can also be configured to detect such malicious POST requests. Example command using curl to test the vulnerability: curl -X POST -d "v_interface=<script>alert(1)</script>&v_ip=1.2.3.4&v_netmask=255.255.255.0&v_shared=no&v_owner=admin" https://your-vestacp-domain/add/ip/ This command attempts to inject a script payload to check if the system is vulnerable. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading VestaCP to version 0.9.8-25 or later, where this stored XSS vulnerability in the 'v_interface' parameter has been addressed. If upgrading is not immediately possible, restrict access to the VestaCP control panel to trusted IP addresses and users to reduce exposure. Additionally, implement web application firewall (WAF) rules to block or sanitize POST requests containing suspicious script tags or payloads targeting the /add/ip/ endpoint. Regularly audit and sanitize existing IP interface configurations to remove any malicious scripts that may have been stored. Monitoring and alerting on unusual POST requests to the vulnerable endpoint can also help in early detection and response. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47873. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart