PleskLin Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-35976

The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH aka PFSI-62467. The attacker could execute JavaScript code in the victim39s browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability.