CVE-2023-0829

8.8 HIGH

📋 TL;DR

This is a cross-site scripting (XSS) vulnerability in Plesk control panel versions 17.0 through 18.0.31. A malicious subscription owner can inject scripts that execute with administrator privileges when an admin visits certain subscription-related pages, potentially leading to full server compromise. This affects Plesk administrators who manage servers with untrusted subscription owners.

💻 Affected Systems

Products:
  • Plesk
Versions: 17.0 through 18.0.31
Operating Systems: Linux, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a malicious subscription owner and an administrator visiting the compromised subscription page.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise where an attacker gains complete administrative control over the Plesk server, potentially accessing all hosted websites, databases, and server configurations.

🟠 Likely Case

Session hijacking, credential theft, or privilege escalation leading to unauthorized administrative access to the Plesk control panel.

🟢 If Mitigated

Limited impact if administrators use separate accounts for daily operations, have strict access controls, and avoid visiting suspicious subscription pages.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated subscription owner access and administrator interaction with the malicious page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.0.32 and later

Vendor Advisory: https://www.plesk.com/blog/product-technology/security-update-plesk-onyx-18-0-32/

Restart Required: No

Instructions:

1. Log into Plesk as administrator.
2. Navigate to Tools & Settings > Updates and Upgrades.
3. Click 'Check for Updates'.
4. Install available updates to version 18.0.32 or later.

🔧 Temporary Workarounds

Restrict subscription owner privileges (applies to: all)

Limit subscription owners' ability to modify content that could contain XSS payloads.

Admin browsing restrictions (applies to: all)

Implement policies preventing administrators from browsing untrusted subscription pages.

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to prevent script execution
  • Use browser extensions that block XSS attacks for administrative sessions

🔍 How to Verify

Check if Vulnerable:

Check Plesk version via command line: plesk version or via Plesk admin panel > Help > About.

Check Version:

plesk version

Verify Fix Applied:

Confirm the version is 18.0.32 or later using the same commands.
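The version check above can be scripted for fleet-wide verification. The following POSIX shell script is an added example, not part of this advisory or of Plesk's own tooling: it parses the dotted version out of `plesk version` output, compares it numerically against the affected range (17.0 through 18.0.31, fixed in 18.0.32), and reports the result. The "Product version:" line format and the function names are assumptions; the sample output embedded in the script is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Plesk install against the
# CVE-2023-0829 affected range 17.0 <= version <= 18.0.31 (fixed in 18.0.32).

# Pull the first dotted version number from a "Product version:" line on stdin.
# Assumption: `plesk version` prints a line like "Product version: Plesk Obsidian 18.0.31".
plesk_extract_version() {
    awk '/Product version:/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9]+\.[0-9]+(\.[0-9]+)*$/) { print $i; exit }
    }'
}

# Numeric comparison of two dotted versions, component by component.
# Prints -1, 0 or 1 for a<b, a==b, a>b. Missing components count as 0,
# so 17.0 and 17.0.0 compare equal and 18.0.50.2 sorts above 18.0.32.
vercmp() {
    a="$1"; b="$2"; i=1
    while :; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ -z "$x" ] && [ -z "$y" ]; then printf '%s\n' 0; return; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return; fi
        i=$((i + 1))
    done
}

# Exit status 0 when the version lies inside the affected range from the advisory.
plesk_is_vulnerable() {
    v="$1"
    [ "$(vercmp "$v" 17.0)" -ge 0 ] && [ "$(vercmp "$v" 18.0.32)" -lt 0 ]
}

# Constructed sample of `plesk version` output for offline demonstration.
SAMPLE_OUTPUT='Product version: Plesk Obsidian 18.0.31
         OS version: Ubuntu 22.04 x86_64'

# On a real host replace the sample with:  plesk version | plesk_extract_version
check_plesk_host() {
    ver=$(printf '%s\n' "$SAMPLE_OUTPUT" | plesk_extract_version)
    if [ -z "$ver" ]; then
        printf 'could not parse a version from plesk output\n'
        return 2
    fi
    if plesk_is_vulnerable "$ver"; then
        printf 'Plesk %s is in the affected range for CVE-2023-0829: update to 18.0.32 or later\n' "$ver"
        return 0
    fi
    printf 'Plesk %s is outside the affected range\n' "$ver"
    return 1
}

check_plesk_host
```

Running it on the constructed sample reports 18.0.31 as affected; the same script with the real `plesk version` pipeline gives the per-host answer, and the numeric comparison avoids the classic mistake of string-comparing versions (where "18.0.9" would sort after "18.0.32").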

📡 Detection & Monitoring

Log Indicators:

  • Unusual subscription modifications followed by administrator page visits
  • Suspicious JavaScript in subscription-related logs

Network Indicators:

  • Unexpected outbound connections from Plesk server following admin page visits

SIEM Query:

source="plesk.log" AND ("subscription" OR "customer") AND ("script" OR "javascript" OR "<script>")
