Cross-Site Scripting Vulnerability in Parallels Plesk Small Business Panel
CVE-2011-4756

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Small Business Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4756?

The Parallels Plesk Small Business Panel 10.2.0 is vulnerable to a Cross-Site Scripting attack due to the absence of the HTTPOnly flag in its Set-Cookie header. This oversight allows remote attackers to access sensitive cookie information through scripts, potentially compromising user sessions and data security. Specific cookies, particularly those used by the site's editing functionalities, can be exploited, leading to unauthorized access to sensitive information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72208

vdb-entryx_refsource_XF

http://xss.cx/examples/plesk-reports/plesk-10.2.0.html

x_refsource_MISC

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011