Cross-Site Scripting Vulnerabilities in Parallels Plesk Small Business Panel
CVE-2011-4754

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Small Business Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4754?

Multiple cross-site scripting (XSS) vulnerabilities have been identified in the Parallels Plesk Small Business Panel version 10.2.0. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML into the application. Malicious input can be submitted via specific PHP scripts, such as those located in smb/app/available/id/apscatalog/, among others, potentially enabling attackers to execute harmful actions on client systems who access the compromised application.

References

http://xss.cx/examples/plesk-reports/plesk-10.2.0.html

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/72206

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011