Information Disclosure in Parallels Plesk Panel Control Panel
CVE-2011-4737

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4737?

The Control Panel in Parallels Plesk Panel version 10.2.0 build 20110407.20 exposes sensitive information, including submitted passwords, within HTTP response bodies. This vulnerability enables remote attackers to intercept and acquire these passwords through network sniffing techniques, potentially compromising user credentials and sensitive data across affected instances. It is critical for users of this software to implement additional security measures to safeguard their systems from potential exploits.

References

http://xss.cx/examples/plesk-reports/xss-reflected-cross-...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/72322

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011