Security Advisory

CVE-2023-24044

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-01-22 00:00:00

Last updated 2025-04-02 15:49:05

Assigner mitre

State PUBLISHED

Description

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendors position is "the ability to use arbitrary domain names to access the panel is an intended feature."

← Browse all CVEs View on cve.org ↗