Plesk Onyx 17.5.3 Admin panel XSS

Plesk. Powerful and simple. One of the most used control panels for hosting on the internet.
So why not try to find something in it?
Plesk gives you a 20-day trial, and that's enough for finding bugs, I guess.
Plesk Onyx comes with a feature called MagicSpam that is vulnerable to reflected XSS.
Note that MagicSpam is not a Plesk product but a third-party program included in Plesk by default.
The option is only available to the server's admin, so exploiting it on the server owner's machine can compromise the whole server.

Plesk has been notified and will inform MagicSpam about the vulnerability.
A patch will be available in the next release.
