[CVE-2021-35976] Plesk Obsidian on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ path
The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the
Steps to reproduce
After you uploaded website files to the subscription, you can check how your site will look in a web browser, even before the information about the new site has spread in the Domain Name System.
To preview a website:
1- Go to Websites & Domains.
2- Click Preview below the domain name of the website that you want to preview.
Your site will open in a new browser window via the