Cross-Domain Referer Leakage in Parallels Plesk Small Business Panel
CVE-2011-4759

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Small Business Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4759?

The Parallels Plesk Small Business Panel 10.2.0 contains a vulnerability that exposes sensitive information through cross-domain referer leakage. When a GET request is made with specific query parameters, the web application generates responses that include external links. This behavior can lead to attackers obtaining sensitive data by analyzing web-server access logs or referer logs. By exploiting this issue, remote attackers may gain unauthorized access to user information, potentially compromising the security of the affected systems.

References

http://xss.cx/examples/plesk-reports/plesk-10.2.0.html

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/72211

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011