Cross-Site Scripting Vulnerabilities in Parallels Plesk Panel by Parallels
CVE-2011-4735

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4735?

The Parallels Plesk Panel 10.2.0 build 20110407.20 is impacted by multiple cross-site scripting (XSS) vulnerabilities. These flaws permit remote attackers to inject and execute arbitrary web scripts or HTML through specially crafted inputs submitted to various PHP scripts, including functions associated with user creation. This exploitation could lead to unauthorized actions performed on behalf of users, potentially compromising sensitive information and application integrity.

References

http://www.kb.cert.org/vuls/id/541814

third-party-advisoryx_refsource_CERT-VN

http://xss.cx/examples/plesk-reports/xss-reflected-cross-...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/72324

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011