CVE-2004-2702 in Plesk
Summary
by MITRE
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 06/14/2025
The vulnerability identified as CVE-2004-2702 represents a critical cross-site scripting flaw discovered in Plesk 7.0 and 7.1 Reloaded web hosting control panels. This vulnerability specifically affects the login_up.php3 script, which serves as a crucial authentication component within the Plesk interface. The flaw enables remote attackers to execute malicious web scripts or HTML code through manipulation of the login_name parameter, creating a significant security risk for web hosting environments that rely on this software platform.
The technical nature of this vulnerability aligns with CWE-79, which categorizes cross-site scripting as a code injection flaw where untrusted data is improperly integrated into web pages without proper validation or sanitization. The vulnerability occurs because the login_up.php3 script fails to adequately sanitize user input received through the login_name parameter before incorporating it into the web response. This omission allows attackers to inject malicious scripts that execute in the context of other users' browsers who visit the affected pages, potentially leading to session hijacking, credential theft, or unauthorized access to sensitive hosting account information.
The operational impact of this vulnerability extends beyond simple script injection, as it compromises the fundamental security model of the Plesk control panel. When attackers successfully exploit this flaw, they can manipulate the authentication interface to redirect users to malicious sites, steal session cookies, or even modify user accounts. The vulnerability affects the entire Plesk ecosystem, potentially compromising thousands of hosting accounts simultaneously, as the login interface is frequently accessed by system administrators and end users. The attack vector is particularly dangerous because it requires no privileged access or authentication to the system, making it an attractive target for automated exploitation campaigns.
Security practitioners should consider this vulnerability in the context of the broader ATT&CK framework, specifically under the T1566 technique for initial access through web application attacks. The vulnerability also relates to T1071.004 for application layer protocol usage and T1531 for credential access through session manipulation. Organizations using affected Plesk versions should implement immediate mitigations including input validation, output encoding, and application-level firewalls to prevent exploitation. The most effective long-term solution involves upgrading to patched versions of Plesk, as this vulnerability was subsequently addressed in later releases. Additionally, administrators should conduct comprehensive security audits of all web applications and implement proper content security policies to prevent similar vulnerabilities in other components of their hosting infrastructure.