CVE-2023-0829

Name of the Vulnerable Software and Affected Versions Plesk versions 17.0 through 18.0.31

Description A malicious subscription owner, either a customer or an additional user, can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription. This issue is related to Cross-Site Scripting.

Recommendations For Plesk versions 17.0 through 18.0.31, update to a version that is not affected by this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to pages related to subscriptions to minimize the risk of exploitation.