CVE-2021-35976

Name of the Vulnerable Software and Affected Versions: Plesk Obsidian versions 18.0.0 through 18.0.32

Description: The feature to preview a website in Plesk Obsidian is vulnerable to reflected XSS via the "/plesk-site-preview/" PATH. An attacker could execute JavaScript code in the victim's browser by using the link to preview sites hosted on the server. Authentication is not required to exploit this issue.

Recommendations: For Plesk Obsidian versions 18.0.0 through 18.0.32, consider disabling the website preview feature until a patch is available to prevent exploitation. Restrict access to the "/plesk-site-preview/" PATH to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.