Cross site scripting

2023-09-2013:15:00

PRIOn knowledge base

www.prio-n.com

plesk

cross-site scripting

nvd

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%

JSON

Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription.

CPENameOperatorVersion
pleskge17.0
pleskle18.0.31

CPE	Name	Operator	Version
	plesk	ge	17.0
	plesk	le	18.0.31

References

www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-plesk