Cookie Exposure Vulnerability in Parallels Plesk Panel by Parallels
CVE-2011-4729
Currently unrated
What is CVE-2011-4729?
The Server Administration Panel in Parallels Plesk Panel 10.2.0 does not set the HttpOnly flag on its cookies. Without this flag, client-side scripts can read these cookies, potentially exposing sensitive user data. Specifically, cookies used by login_up.php3 and other related files may be vulnerable, enabling unauthorized retrieval of critical information. Consequently, a script that an attacker manages to run in the user's browser context can retrieve these cookies, which increases the risk posed by XSS attacks against users of the affected product.