CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2011-4748
https://notcve.org/view.php?id=CVE-2011-4748
16 Dec 2011 — The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/ajax/core/ajax.inc.js and certain other files. El sistema de tarificación de Parallels Plesk Panel 10.3.1_build1013110726.09 contiene páginas web que incluyen direcciones de email imprevistas para su uso... • http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4767
https://notcve.org/view.php?id=CVE-2011-4767
16 Dec 2011 — The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/Wizard/Status.js and certain other files. La característica "Site Editor" (SiteBuilder) de Parallels Plesk Small Business Panel 10.2.0 tiene páginas web que contienen direcciones de e-m... • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-4747
https://notcve.org/view.php?id=CVE-2011-4747
16 Dec 2011 — The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not prevent the use of weak ciphers for SSL sessions, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a crafted CipherSuite list. El sistema de tarificación de Parallels Plesk Panel 10.3.1_build1013110726.09 no previene el uso de algoritmos de cifrado débil en sesiones SSL, lo que facilita a atacantes remotos superar los mecanismos de protección criptográfica a través de una lista CipherS... • http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4777
https://notcve.org/view.php?id=CVE-2011-4777
16 Dec 2011 — Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to inject arbitrary web script or HTML via the login parameter to preferences.html. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad "Site Editor" (SiteBuilder) de Parallels Plesk Panel 10.4.4_build20111103.18. Permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través del parám... • http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2011-4755
https://notcve.org/view.php?id=CVE-2011-4755
16 Dec 2011 — Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies to client@1/domain@1/hosting/file-manager/ and certain other files. Parallels Plesk Small Business Panel 10.2.0 no valida apropiadamente datos de cadena de texto que son utilizados para almacenamiento en un documen... • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4766
https://notcve.org/view.php?id=CVE-2011-4766
16 Dec 2011 — The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment ** CONTROVERTIDA ** La característica "Site Editor" (SiteBuilder) de Parallels Plesk Small Business Panel 10.2.0 permite a atacantes remotos obtener el código fuente ASP a través de peticiones directas a wysiwyg/fckconfig.js. NOTA: CVE discute este... • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4764
https://notcve.org/view.php?id=CVE-2011-4764
16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad "Site Editor" (SiteBuilder) de Parallels Plesk Small Business Panel 10.2.0. Permite a atacantes remotos... • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4735
https://notcve.org/view.php?id=CVE-2011-4735
16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/user/create and certain other files. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el panel del control de Parallels Plesk Panel 10.2.0 build 20110407.20. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su ... • http://www.kb.cert.org/vuls/id/541814 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4726
https://notcve.org/view.php?id=CVE-2011-4726
16 Dec 2011 — Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18. Permite a atacantes remotos inyectar codigo de... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4731
https://notcve.org/view.php?id=CVE-2011-4731
16 Dec 2011 — The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by admin/home/admin and certain other files. El panel de administración del servidor de Parallels Plesk Panel 10.2.0_build1011110331.18 incluye una dirección IP RFC 1918 dentro de una página web, lo que permite a atacantes remotos obtener información confidencial le... • http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •