VYPR
Medium severity6.1NVD Advisory· Published Jan 22, 2023· Updated Jun 17, 2026

CVE-2023-24044

CVE-2023-24044

Description

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Plesk/Obsidiancpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <=18.0.49

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.