Vulnerabilities > Plesk > Obsidian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-22 | CVE-2023-24044 | Open Redirect vulnerability in Plesk Obsidian 18.0.17 A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. | 6.1 |
| 2022-11-10 | CVE-2022-45130 | Cross-Site Request Forgery (CSRF) vulnerability in Plesk Obsidian Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. | 6.5 |
| 2021-09-10 | CVE-2021-35976 | Cross-site Scripting vulnerability in Plesk Obsidian 18.0.17 The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. | 4.3 |
| 2020-08-03 | CVE-2020-11583 | Cross-site Scripting vulnerability in Plesk Obsidian 18.0.17 A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. | 6.1 |