Reflected XSS Vulnerability in Plesk Obsidian Web Hosting Control Panel
CVE-2021-35976

6.1MEDIUM

Key Information:

Vendor

Plesk

Status
Obsidian
Vendor
CVE Published:
10 September 2021

What is CVE-2021-35976?

Plesk Obsidian versions 18.0.0 through 18.0.32 are vulnerable to reflected Cross-Site Scripting (XSS) through the /plesk-site-preview/ path. This flaw allows attackers to execute malicious JavaScript code in the browsers of users accessing website previews hosted on the server. Since no authentication is required, the risk of exploitation increases significantly, enabling potential data theft, session hijacking, or further attacks on the victim's device. Ensure your Plesk installation is updated to prevent such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.bouali.io/cves/cve-2021-35976
x_refsource_MISC
https://support.plesk.com/hc/en-us/articles/4402990507026
x_refsource_CONFIRM
https://tarekbouali.com/cves/cve-2021-35976
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.