Lucene search
K

4 matches found

OSV
OSV
added 2023/01/22 3:15 a.m.5 views

CVE-2023-24044

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."...

6.1CVSS5.9AI score0.02157EPSS
Exploits3References3
NVD
NVD
added 2023/01/22 3:15 a.m.38 views

CVE-2023-24044

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."...

6.1CVSS6.4AI score0.02157EPSS
Exploits3References3
CVE
CVE
added 2023/01/22 12:0 a.m.162 views

CVE-2023-24044

CVE-2023-24044 affects Plesk Obsidian up to version 18.0.49. The login page is vulnerable to Host header injection, enabling open redirects to attacker‑controlled sites. Root cause appears to be reliance on the Host header to grant access or redirect, with vendor noting that arbitrary domain name...

6.1CVSS6.3AI score0.02157EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2023/01/22 12:0 a.m.52 views

CVE-2023-24044

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."...

6.6AI score0.02157EPSS
Exploits3References3
Rows per page
Query Builder