Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plesk obsidian vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-35976
The feature to preview a website in Plesk Obsidian 18.0.0 up to and including 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview si...
Plesk Obsidian
NA
CVE-2022-45130
Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identifi...
Plesk Obsidian -
NA
CVE-2023-24044
A Host Header Injection issue on the Login page of Plesk Obsidian up to and including 18.0.49 allows malicious users to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access th...
Plesk Obsidian
4.3
CVSSv2
CVE-2020-11583
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
Plesk Obsidian 18.0.17
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAP
CVE-2024-4367
server-side request forgery
information disclosure
CVE-2024-34342
CVE-2024-4281
CVE-2024-3507
CVE-2024-25560
CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started