Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plesk obsidian vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-24044
A Host Header Injection issue on the Login page of Plesk Obsidian up to and including 18.0.49 allows malicious users to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access th...
Plesk Obsidian
6.1
CVSSv3
CVE-2021-35976
The feature to preview a website in Plesk Obsidian 18.0.0 up to and including 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview si...
Plesk Obsidian
6.5
CVSSv3
CVE-2022-45130
Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identifi...
Plesk Obsidian -
6.1
CVSSv3
CVE-2020-11583
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
Plesk Obsidian 18.0.17
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started