• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Question How to Detect and Mitigate Next.js / React Vulnerabilities on Windows Plesk Server

T

teletek

New Pleskian
Server operating system version
Windows Server 2019
Plesk version and microupdate number
Plesk Obsidian 18.0.70 Update #4
Hello Plesk Community,


I am running a Plesk server on Windows OS and hosting a web application built with Next.js / React. I would like guidance on how to properly detect, verify, and mitigate potential security vulnerabilities related to these frameworks.


Specifically, I would appreciate help with the following points:



1. How can I detect if my application is affected by a Next.js / React vulnerability?​


  • Are there recommended tools or commands to scan for known vulnerabilities (e.g. CVEs)?
  • Can this be done directly from the Plesk interface or via command line on Windows?
  • Are there Plesk extensions or security scanners that can help identify vulnerable JavaScript dependencies?


2. How can I check the installed Next.js and React versions?​


On a Windows Plesk server:


  • Which files should I check to confirm the exact versions (e.g. package.json, package-lock.json, node_modules)?
  • Are there recommended Node.js or npm commands to safely retrieve version information in a production environment?

Example:


  • npm list next
  • npm list react

Is this the correct and safe approach on a live Plesk-hosted site?



3. How should I update Next.js / React securely?​


  • What is the recommended upgrade path for Next.js and React on a Windows server?
  • Should the update be performed locally and then redeployed, or directly on the server?
  • Are there best practices to avoid downtime when updating JavaScript frameworks on Plesk?


4. Plesk & Windows-specific considerations​


  • Are there any Windows-specific limitations or known issues when running Next.js applications on Plesk?
  • Does Plesk provide official guidance for securing Node.js applications against known vulnerabilities?


5. Logging and monitoring​


  • Where can I find logs related to Node.js / Next.js execution in Plesk on Windows?
  • How can I monitor suspicious behavior that may indicate exploitation attempts?


Any best practices, documentation links, or real-world experiences would be greatly appreciated.


Thank you in advance for your support.


Best regards,
 
You must log in or register to reply here.

Similar threads

M
Input Add warning when Document Root equals Application Root in Node.js apps
Replies
1
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
S
Question How to deploy React app?
Replies
14
Views
10K
Aleksei Fedorov
A
Hangover2
Critical security issue fixed on 24–25 February 2026 (Plesk Obsidian 18.0.75 Update 1 / 18.0.76 Update 2) — request for vulnerability details
Replies
4
Views
2K
Hangover2
Hangover2
M
Issue Plesk NodeJS file direct access - vulnerability
Replies
4
Views
3K
scsa20
scsa20
M
Question Are Plesk servers susceptible to TLS BREACH attacks? (cve-2013-3587)
Replies
1
Views
2K
scsa20
scsa20
Back
Top