Every CVE whose affected-product data names Plesk Obsidian, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-45130 — CVSS 6.5 (medium): Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific…
CVE-2020-11583 — CVSS 6.1 (medium): A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML…
CVE-2021-35976 — CVSS 6.1 (medium): The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the…
CVE-2023-24044 — CVSS 6.1 (medium): A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites…