Vulnerabilities > Plesk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-27 | CVE-2023-4931 | Uncontrolled Search Path Element vulnerability in Plesk 3.27.0.0 Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. | 7.8 |
| 2023-09-22 | CVE-2023-43784 | Exposure of Resource to Wrong Sphere vulnerability in Plesk Onyx 17.8.11 Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. | 7.5 |
| 2023-09-20 | CVE-2023-0829 | Cross-site Scripting vulnerability in Plesk Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. | 9.0 |
| 2023-01-22 | CVE-2023-24044 | Open Redirect vulnerability in Plesk Obsidian 18.0.17 A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. | 6.1 |
| 2022-11-10 | CVE-2022-45130 | Cross-Site Request Forgery (CSRF) vulnerability in Plesk Obsidian Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. | 6.5 |
| 2022-02-21 | CVE-2021-45008 | Improper Preservation of Permissions vulnerability in Plesk 18.0.37 Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege Escalation from user to admin rights. | 8.8 |
| 2022-02-20 | CVE-2021-45007 | Cross-Site Request Forgery (CSRF) vulnerability in Plesk 18.0.37 Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. | 6.5 |
| 2021-09-10 | CVE-2021-35976 | Cross-site Scripting vulnerability in Plesk Obsidian 18.0.17 The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. | 4.3 |
| 2020-08-03 | CVE-2020-11584 | Cross-site Scripting vulnerability in Plesk Onyx 17.8.11 A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. | 6.1 |
| 2020-08-03 | CVE-2020-11583 | Cross-site Scripting vulnerability in Plesk Obsidian 18.0.17 A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. | 6.1 |