Plesk · Plesk · CVE-2023-0829
**Name of the Vulnerable Software and Affected Versions**
Plesk versions 17.0 through 18.0.31
**Description**
A malicious subscription owner, either a customer or an additional user, can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription. This issue is related to Cross-Site Scripting.
**Recommendations**
If you run Plesk versions 17.0 through 18.0.31, update to a version that is not affected by this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to subscription-related pages to minimize the risk of exploitation.