Description
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header.
Remediation
References
Related Vulnerabilities
WordPress Plugin Social Login by BestWebSoft Cross-Site Scripting (0.1)
WordPress Plugin WordPress Photo Gallery by Gallery Bank SQL Injection (3.0.101)
IBM WebSEAL Missing Authorization Vulnerability (CVE-2020-4499)
Drupal Core 8.x.x Directory Traversal (8.0.0 - 8.8.12)
Oracle Database Server CVE-2018-2875 Vulnerability (CVE-2018-2875)