← Back

Onyx

onyx

Vendor: Plesk • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-43784
1Plesk
1Onyx
Nov 21, 2024
Sep 22, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat.
CVE-2020-11584
1Plesk
1Onyx
Nov 21, 2024
Aug 3, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.