Vulnerabilities in Plesk
4 resultsCVE-2023-0829HIGHCross-Site Scripting (XSS) vulnerability in PleskEPSS 0.6%CVE-2025-49618MEDIUMIn Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint.EPSS 0.3%CVE-2023-4931MEDIUMUncontrolled search path element vulnerability in PleskEPSS 0.2%CVE-2025-66431HIGHWebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root viaEPSS 0.2%