Cross-Site Scripting Vulnerabilities in Parallels Plesk Panel Billing System
CVE-2011-4745

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4745?

The billing system in Parallels Plesk Panel version 10.3.1_build1013110726.09 is susceptible to multiple cross-site scripting vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML through specially crafted input targeting PHP scripts, such as those in admin/index.php/default. Successful exploitation can enable attackers to execute malicious scripts in the context of the affected user's session, potentially compromising sensitive information or delivering further attacks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72264

vdb-entryx_refsource_XF

http://xss.cx/examples/plesk-reports/plesk-parallels-cont...

x_refsource_MISC

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011