CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43784
https://notcve.org/view.php?id=CVE-2023-43784
22 Sep 2023 — Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat. ** DISPUTA ** Plesk Onyx 17.8.11 tiene campos accessKeyId y secretAccessKey que están relacionados con un componente de Amazon AWS Firehose. NOTA: la posición del proveedor es que no existe ninguna amenaza para la seguridad. • https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds.html • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11584
https://notcve.org/view.php?id=CVE-2020-11584
03 Aug 2020 — A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. Una vulnerabilidad de tipo XSS reflejada basada en GET en Plesk Onyx versión 17.8.11, permite a usuarios remotos no autenticados inyectar JavaScript, HTML o CSS arbitrario por medio de un parámetro GET • https://medium.com/%400x00crash/xss-reflected-in-plesk-onyx-and-obsidian-1173a3eaffb5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •