CVE-2006-6451

Plesk < 8.0.1 - Cross-Site Scripting via get_password.php or login_up.php3 Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6451. PoCs published by David Vieira-Kurz.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Plesk by injecting a script tag into the login_up.php3 page, which executes arbitrary JavaScript in the context of the affected site.

Description

Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.

Exploits (2)

exploitdb WORKING POC VERIFIED
by David Vieira-Kurz · textwebappsphp
https://www.exploit-db.com/exploits/29018

This exploit demonstrates an HTML injection vulnerability in Plesk by injecting a script tag into the login_up.php3 page, which executes arbitrary JavaScript in the context of the affected site.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Plesk 8.0.1 and prior versions
No auth needed
Prerequisites: Access to the vulnerable Plesk login page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by David Vieira-Kurz · textwebappsphp
https://www.exploit-db.com/exploits/29017

This exploit demonstrates an HTML injection vulnerability in Plesk 8.0.1 and prior versions. The PoC shows how an attacker can inject arbitrary HTML and script code via the URL, leading to potential credential theft or site manipulation.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Plesk 8.0.1 and prior versions
No auth needed
Prerequisites: Access to the target URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30320
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017236
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=116370467532206&w=2
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21067

Scores

EPSS 0.0227
EPSS Percentile 80.8%

Details

CWE
CWE-79
Status published
Products (2)
swsoft/plesk 7.5
swsoft/plesk < 8.0.1
Published Dec 10, 2006
Tracked Since Feb 18, 2026