2023-01-22 00:00:00
mitre
PUBLISHED
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendors position is "the ability to use arbitrary domain names to access the panel is an intended feature."