A Host Header Injection issue on the Login page of Plesk Obsidian up to and including 18.0.49 allows malicious users to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
plesk obsidian |