exploitDog

CVE-2021-35976

Published: 10 Sep 2021
Source: nvd
CVSS3: 6.1
CVSS2: 4.3
EPSS: Low

Description

The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability.

Vulnerable configurations

Configuration 1
cpe:2.3:a:plesk:obsidian:*:*:*:*:*:*:*:*
Versions from 18.0.0 (inclusive) to 18.0.32 (inclusive)

EPSS

Percentile: 67%
0.0053
Low

CVSS3: 6.1 Medium

CVSS2: 4.3 Medium

Weaknesses

CWE-79

Related vulnerabilities

github
more than 3 years ago

The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim’s browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability.

EPSS

Percentile: 67%
0.0053
Low

CVSS3: 6.1 Medium

CVSS2: 4.3 Medium

Weaknesses

CWE-79