CVE-2011-4762
https://notcve.org/view.php?id=CVE-2011-4762
Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/app/top-categories-data/ and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
• http://xss.cx/examples/plesk-reports/plesk-10.2.0.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72214
CVE-2011-4765
https://notcve.org/view.php?id=CVE-2011-4765
The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by Wizard/Edit/Modules/ImageGallery/MultiImagesUpload and certain other files.
• http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72217
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4760
https://notcve.org/view.php?id=CVE-2011-4760
Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/email-address/list and certain other files.
• http://xss.cx/examples/plesk-reports/plesk-10.2.0.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72212
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4754
https://notcve.org/view.php?id=CVE-2011-4754
Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/app/available/id/apscatalog/ and certain other files.
• http://xss.cx/examples/plesk-reports/plesk-10.2.0.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72206
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4766
https://notcve.org/view.php?id=CVE-2011-4766
** DISPUTED ** The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment.
• http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor