4 matches found
CVE-2023-24044
CVE-2023-24044 affects Plesk Obsidian up to version 18.0.49. The login page is vulnerable to Host header injection, enabling open redirects to attacker‑controlled sites. Root cause appears to be reliance on the Host header to grant access or redirect, with vendor noting that arbitrary domain name...
CVE-2020-11583
CVE-2020-11583 affects Plesk Obsidian 18.0.17 with a GET-based reflected XSS. The vulnerability allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. The available connected documents corroborate a client-side data handling flaw in the Plesk Obsidia...
CVE-2021-35976
The CVE-2021-35976 vulnerability affects Plesk Obsidian on Linux, specifically versions 18.0.0 through 18.0.32. It is a reflected XSS in the site preview feature accessed via the /plesk-site-preview/ path. An attacker can cause JavaScript execution in a victim’s browser by sending a link that pre...
CVE-2022-45130
CVE-2022-45130 describes a CSRF vulnerability in Plesk Obsidian that can enable an attacker to change the administrator password via the REST API endpoint /api/v2/cli/commands. The issue affects Plesk Obsidian (Obsidian naming convention for versions) and is triggered when an authenticated user i...