Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plesk vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2004-2702
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote malicious users to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451.
Swsoft Plesk 7.0
Swsoft Plesk 7.1
1 EDB exploit
505
VMScore
CVE-2006-5028
Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote malicious users to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action.
Swsoft Plesk Reload 7.5
Swsoft Plesk 7.6
1 EDB exploit
NA
CVE-2023-24044
A Host Header Injection issue on the Login page of Plesk Obsidian up to and including 18.0.49 allows malicious users to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access th...
Plesk Obsidian
1 Github repository
NA
CVE-2022-45130
Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identifi...
Plesk Obsidian -
383
VMScore
CVE-2021-35976
The feature to preview a website in Plesk Obsidian 18.0.0 up to and including 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview si...
Plesk Obsidian
383
VMScore
CVE-2020-11583
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
Plesk Obsidian 18.0.17
383
VMScore
CVE-2020-11584
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
Plesk Onyx 17.8.11
NA
CVE-2023-43784
Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat.
Plesk Onyx 17.8.11
516
VMScore
CVE-2008-6984
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote malicious users to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as ...
Parallels Plesk 8.6.0
383
VMScore
CVE-2006-3737
Cross-site scripting (XSS) vulnerability in filemanager/filemanager.php in the control panel in SWsoft Plesk 8.0 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the file parameter.
Swsoft Plesk Control Panel
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »