exploitDog

CVE-2023-0829

Опубликовано: 20 сент. 2023

Источник: nvd

CVSS3: 8.8

CVSS3: 9

EPSS Низкий

Описание

Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-plesk
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-vulnerability-plesk
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:plesk:plesk:*:*:*:*:*:*:*:*

Версия от 17.0 (включая) до 18.0.31 (включая)

EPSS

Процентиль: 31%

0.00117

Низкий

8.8 High

CVSS3

9 Critical

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-f96r-wmpc-994r

CVSS3: 8.8

github

больше 1 года назад

Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription.

EPSS

Процентиль: 31%

0.00117

Низкий

8.8 High

CVSS3

9 Critical

CVSS3

Дефекты

CWE-79

CWE-79