CVE-2011-4847
https://notcve.org/view.php?id=CVE-2011-4847
SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/. • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72222 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4856
https://notcve.org/view.php?id=CVE-2011-4856
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving admin/health/parameters and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue. • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72091
CVE-2011-4777
https://notcve.org/view.php?id=CVE-2011-4777
Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to inject arbitrary web script or HTML via the login parameter to preferences.html. • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4850
https://notcve.org/view.php?id=CVE-2011-4850
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files. • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4849
https://notcve.org/view.php?id=CVE-2011-4849
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by help.php and certain other files. • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72224 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor