Back to search
CVE-2021-35976
Published: Sep 10, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.bouali.io/cves/cve-2021-35976
x_refsource_MISC
https://support.plesk.com/hc/en-us/articles/4402990507026
x_refsource_CONFIRM
https://tarekbouali.com/cves/cve-2021-35976
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now