Vulnerabilities > Plesk > Obsidian > 18.0.17

DATE CVE VULNERABILITY TITLE RISK
2023-01-22 CVE-2023-24044 Open Redirect vulnerability in Plesk Obsidian 18.0.17
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header.
network
low complexity
plesk CWE-601
6.1
6.1
2021-09-10 CVE-2021-35976 Cross-site Scripting vulnerability in Plesk Obsidian 18.0.17
The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467.
network
plesk CWE-79
4.3
4.3
2020-08-03 CVE-2020-11583 Cross-site Scripting vulnerability in Plesk Obsidian 18.0.17
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
network
low complexity
plesk CWE-79
6.1
6.1