Filtered by vendor Plesk
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24044 | 1 Plesk | 1 Obsidian | 2023-02-28 | N/A | 6.1 MEDIUM |
** DISPUTED ** A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." | |||||
CVE-2022-45130 | 1 Plesk | 1 Obsidian | 2022-11-15 | N/A | 6.5 MEDIUM |
Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names ("Obsidian"), not numbers. | |||||
CVE-2021-45008 | 1 Plesk | 1 Plesk | 2022-03-01 | 6.5 MEDIUM | 8.8 HIGH |
** DISPUTED ** Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege escalation from user to admin rights. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users. | |||||
CVE-2021-45007 | 1 Plesk | 1 Plesk | 2022-03-01 | 4.3 MEDIUM | 6.5 MEDIUM |
** DISPUTED ** Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users. | |||||
CVE-2021-35976 | 1 Plesk | 1 Obsidian | 2021-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability. | |||||
CVE-2020-11584 | 2 Linux, Plesk | 2 Linux Kernel, Onyx | 2020-08-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. | |||||
CVE-2020-11583 | 2 Microsoft, Plesk | 2 Windows, Obsidian | 2020-08-04 | 4.3 MEDIUM | 6.1 MEDIUM |
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. | |||||
CVE-2001-1222 | 1 Plesk | 1 Plesk Server Administrator | 2008-09-05 | 5.0 MEDIUM | N/A |
Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain. |