Lucene search
K
PleskObsidian

4 matches found

CVE
CVE
added 2023/01/22 12:0 a.m.162 views

CVE-2023-24044

CVE-2023-24044 affects Plesk Obsidian up to version 18.0.49. The login page is vulnerable to Host header injection, enabling open redirects to attacker‑controlled sites. Root cause appears to be reliance on the Host header to grant access or redirect, with vendor noting that arbitrary domain name...

6.1CVSS6.3AI score0.02157EPSS
CVE
CVE
added 2020/08/03 8:12 p.m.84 views

CVE-2020-11583

CVE-2020-11583 affects Plesk Obsidian 18.0.17 with a GET-based reflected XSS. The vulnerability allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. The available connected documents corroborate a client-side data handling flaw in the Plesk Obsidia...

6.1CVSS6AI score0.01017EPSS
CVE
CVE
added 2021/09/10 11:8 a.m.64 views

CVE-2021-35976

The CVE-2021-35976 vulnerability affects Plesk Obsidian on Linux, specifically versions 18.0.0 through 18.0.32. It is a reflected XSS in the site preview feature accessed via the /plesk-site-preview/ path. An attacker can cause JavaScript execution in a victim’s browser by sending a link that pre...

6.1CVSS6AI score0.01148EPSS
CVE
CVE
added 2022/11/10 12:0 a.m.61 views

CVE-2022-45130

CVE-2022-45130 describes a CSRF vulnerability in Plesk Obsidian that can enable an attacker to change the administrator password via the REST API endpoint /api/v2/cli/commands. The issue affects Plesk Obsidian (Obsidian naming convention for versions) and is triggered when an authenticated user i...

6.5CVSS6.4AI score0.00336EPSS
Web