Plesk Obsidian through 18.0.49 contains an open redirect vulnerability via the login page. An attacker can redirect users to malicious websites via the Host request header and thereby access user credentials and execute unauthorized operations. NOTE: The vendor’s position is “the ability to use arbitrary domain names to access the panel is an intended feature.”
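A defender-side check for the behaviour described above, added here as an example and not taken from the original page or the template: it classifies logged login-page responses by whether the redirect target in Location was copied from an untrusted Host header. The trusted hostname, the port, the /login path and the sample records are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hostnames the panel is meant to be reached under (hypothetical).
TRUSTED_HOSTS = {"panel.example.com"}
REDIRECTS = {301, 302, 303, 307, 308}

def host_only(value):
    """Lower-cased hostname from a Host header value, port dropped."""
    try:
        # A bare authority only parses when written scheme-relative.
        return (urlsplit("//" + value.strip()).hostname or "").lower()
    except ValueError:  # malformed bracketed IPv6 literal
        return ""

def classify(host_header, status, location, trusted=TRUSTED_HOSTS):
    """Return 'ok', 'reflected' (target copied from an untrusted Host) or
    'untrusted' (off-site target that did not come from the Host header)."""
    if status not in REDIRECTS or not location:
        return "ok"
    try:
        target = urlsplit(location.strip()).hostname  # None for relative paths
    except ValueError:
        return "untrusted"
    if target is None or target.lower() in trusted:
        return "ok"
    return "reflected" if target.lower() == host_only(host_header) else "untrusted"

# Constructed sample records: (Host header, status, Location header).
SAMPLE = [
    ("panel.example.com:8443", 303, "https://panel.example.com:8443/login"),
    ("panel.example.com", 303, "/login"),
    ("Other.Example.net", 303, "https://other.example.net/login"),
    ("other.example.net:8443", 302, "//other.example.net:8443/login"),
    ("panel.example.com", 302, "https://third.example.org/"),
    ("other.example.net", 200, None),
]

def audit(records):
    """Return (index, verdict) for every record that is not 'ok'."""
    verdicts = [(i, classify(*r)) for i, r in enumerate(records)]
    return [v for v in verdicts if v[1] != "ok"]

if __name__ == "__main__":
    for index, verdict in audit(SAMPLE):
        print(index, verdict, SAMPLE[index])
```

A "reflected" verdict means the response sent the browser to whatever name arrived in Host; relative redirects and redirects to a trusted name are treated as fine.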
View the template here CVE-2023-24044.yaml
References:
https://medium.com/@jetnipat.tho/cve-2023-24044-10e48ab940d8