Cross-Site Scripting Vulnerabilities in Parallels Plesk Panel
CVE-2011-4726

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4726?

Multiple cross-site scripting (XSS) vulnerabilities exist in the Server Administration Panel of Parallels Plesk Panel version 10.2.0. These security flaws allow remote attackers to inject arbitrary web scripts or HTML through carefully crafted input sent to various PHP scripts, potentially affecting the administration interface and exposing sensitive data. Attackers may leverage these vulnerabilities to execute malicious scripts in the context of users' sessions, leading to unauthorized actions and possible data breaches.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72333

vdb-entryx_refsource_XF

http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa...

x_refsource_MISC

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011