Information Disclosure Vulnerability in Parallels Plesk Panel by Parallels
CVE-2011-4740

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4740?

The Control Panel in Parallels Plesk Panel version 10.2.0 allows external links to be generated in response to specific GET requests. This behavior can be exploited by remote attackers to access sensitive details via the web server's access and Referer logs, facilitating unauthorized information retrieval due to cross-domain Referer leakage issues.

References

http://xss.cx/examples/plesk-reports/xss-reflected-cross-...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/72319

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011