CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4931 – Uncontrolled search path element vulnerability in Plesk
https://notcve.org/view.php?id=CVE-2023-4931
27 Nov 2023 — Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil.dll, samlib.dll, urlmon.dll, sspicli.dll, propsys.dll and profapi.dll files. La vulnerabilidad del elemento de ruta de búsqueda no controlada en Plesk Installer afecta a la versión 3.27.0.0. Un atacante local podría ejecutar código arbitrario inyectando ar... • https://support.plesk.com/hc/en-us/articles/17426121182103 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 4CVE-2006-6451 – Plesk 7.5/8.0 - 'get_password.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6451
10 Dec 2006 — Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SWsoft Plesk 8.0.1 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección mediante parámetros no especificados en (1) get_password.php ó (2) login_up.php3. • https://www.exploit-db.com/exploits/29017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •