Cross-Site Scripting Vulnerability in Parallels Plesk Panel
CVE-2019-18793
6.1MEDIUM
What is CVE-2019-18793?
An input validation vulnerability exists in Parallels Plesk Panel 9.5 that allows attackers to perform Cross-Site Scripting (XSS). This vulnerability occurs through the 'fileName' parameter in the help section, specifically at target/locales/tr-TR/help/index.htm?. By crafting a malicious link, attackers can inject scripts into the web application, potentially compromising the security of users visiting the page. Proper validation and sanitization of user inputs can help mitigate the risks associated with this vulnerability.