CVE-2021-35976
CVE-2021-35976 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview sites hosted on the server. EPSS estimates a 1.11% chance of exploitation in the next 30 days.
Description
The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Plesk | Obsidian | >= 18.0.0, <= 18.0.32 |
References
- https://support.plesk.com/hc/en-us/articles/4402990507026 (Vendor Advisory)
- https://tarekbouali.com/cves/cve-2021-35976 (Exploit, Third Party Advisory)
- https://www.bouali.io/cves/cve-2021-35976 (Broken Link)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
