CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4766
https://notcve.org/view.php?id=CVE-2011-4766
16 Dec 2011 — The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment ** CONTROVERTIDA ** La característica "Site Editor" (SiteBuilder) de Parallels Plesk Small Business Panel 10.2.0 permite a atacantes remotos obtener el código fuente ASP a través de peticiones directas a wysiwyg/fckconfig.js. NOTA: CVE discute este... • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4764
https://notcve.org/view.php?id=CVE-2011-4764
16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad "Site Editor" (SiteBuilder) de Parallels Plesk Small Business Panel 10.2.0. Permite a atacantes remotos... • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4735
https://notcve.org/view.php?id=CVE-2011-4735
16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/user/create and certain other files. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el panel del control de Parallels Plesk Panel 10.2.0 build 20110407.20. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su ... • http://www.kb.cert.org/vuls/id/541814 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4726
https://notcve.org/view.php?id=CVE-2011-4726
16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18. Permite a atacantes remotos inyectar codigo de... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4731
https://notcve.org/view.php?id=CVE-2011-4731
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 incluye una dirección IP RFC 1918 dentro de una página web, lo que permite a atacantes remotos obtener información confidencial le... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-4733
https://notcve.org/view.php?id=CVE-2011-4733
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/admin-home/disable-featured-applications-promo and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2011-4743
https://notcve.org/view.php?id=CVE-2011-4743
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/user/create and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 omite el parámetro charset de la cabecera para d... • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4850
https://notcve.org/view.php?id=CVE-2011-4850
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files. El panel de control de Parallels Plesk Panel 10.4.4_build20111103.18 no incluye la etiqueta HTTPOnly en la cabecera Set-Cookie para una cookie, lo que facilita a atacantes remotos obt... • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4738
https://notcve.org/view.php?id=CVE-2011-4738
16 Dec 2011 — The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 no incluye la etiqueta HTTPOnly en una cabecera Set-Cookie para una cookie, lo que facilita a atacantes ... • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4776
https://notcve.org/view.php?id=CVE-2011-4776
16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/update/settings/ and certain other files. Múltiples vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el panel de control de Parallels Plesk Panel 10.4.4_build20111103.18. Permiten a atacantes remotos inyectar codigo de script web o código HTML de s... • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •