Lucene search

MitreCVE-2011-4745

HistoryDec 16, 2011 - 11:55 a.m.

CVE-2011-4745

2011-12-1611:55:10

CWE-79

mitre

web.nvd.nist.gov

cve

2011

4745

xss

vulnerabilities

parallels plesk panel 10.3.1

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

48.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/index.php/default and certain other files.

Affected configurations

Nvd

Node

parallelsparallels_plesk_panelMatch10.3.1_build1013110726.09

AND

redhatenterprise_linuxMatch6.0

VendorProductVersionCPE
parallelsparallels_plesk_panel10.3.1_build1013110726.09cpe:2.3:a:parallels:parallels_plesk_panel:10.3.1_build1013110726.09:*:*:*:*:*:*:*
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
parallels	parallels_plesk_panel	10.3.1_build1013110726.09	cpe:2.3:a:parallels:parallels_plesk_panel:10.3.1_build1013110726.09:::::::*
redhat	enterprise_linux	6.0	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

References

xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html

exchange.xforce.ibmcloud.com/vulnerabilities/72264

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

48.5%

JSON

Related for CVE-2011-4745