Site Editor Vulnerability in Parallels Plesk Small Business Panel
CVE-2011-4768

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Small Business Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4768?

The Site Editor feature in Parallels Plesk Small Business Panel version 10.2.0 fails to include the charset parameter in the Content-Type header for certain resources. This omission can lead to potential security risks, allowing remote attackers to exploit an interpretation conflict in processing files associated with the Wizard/Edit/Modules/Image functionality. Such vulnerabilities may disproportionately affect clients using the service, rather than the Plesk product itself.

References

http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-ed...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 16, 2011