Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-45008 | 1 Plesk | 1 Plesk | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability that allows privilege Escalation from user to admin rights. OTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users | |||||
CVE-2021-45007 | 1 Plesk | 1 Plesk | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users | |||||
CVE-2023-4931 | 1 Plesk | 1 Plesk | 2024-02-28 | N/A | 7.8 HIGH |
Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files. | |||||
CVE-2023-0829 | 1 Plesk | 1 Plesk | 2024-02-28 | N/A | 9.0 CRITICAL |
Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription. |