CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4754
https://notcve.org/view.php?id=CVE-2011-4754
Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/app/available/id/apscatalog/ and certain other files. Multiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Parallels Plesk Small Business Panel 10.2.0. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de entrada modificada a un script PHP, tal como se ha demostrado por "smb/app/available/id/apscatalog/" y otros archivos concretos. • http://xss.cx/examples/plesk-reports/plesk-10.2.0.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72206 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4766
https://notcve.org/view.php?id=CVE-2011-4766
The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allows remote attackers to obtain ASP source code via a direct request to wysiwyg/fckconfig.js. NOTE: CVE disputes this issue because ASP is only used in a JavaScript comment ** CONTROVERTIDA ** La característica "Site Editor" (SiteBuilder) de Parallels Plesk Small Business Panel 10.2.0 permite a atacantes remotos obtener el código fuente ASP a través de peticiones directas a wysiwyg/fckconfig.js. NOTA: CVE discute este asunto debido a que ASP es utilizado sólo en un comentario JavaScript. • http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4735
https://notcve.org/view.php?id=CVE-2011-4735
Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/user/create and certain other files. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el panel del control de Parallels Plesk Panel 10.2.0 build 20110407.20. Permiten a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de datos de entrada modificados de scripts PHP, tal como se ha demostrado en smb/user/create y otros archivos concretos. • http://www.kb.cert.org/vuls/id/541814 http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4741
https://notcve.org/view.php?id=CVE-2011-4741
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by client@2/domain@1/hosting/aspdotnet/. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 incluye una cadena de conexión a base de datos dentro de una página web, lo que permite a atacantes remotos obtener información confidencial leyendo esta página, tal como se ha demostrado con client@2/domain@1/hosting/aspdotnet/. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72318 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4737
https://notcve.org/view.php?id=CVE-2011-4737
The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in client@2/domain@1/odbc/dsn@1/properties/. El panel de control de Parallels Plesk Panel 10.2.0 build 20110407.20 incluye una contraseña enviada ("submitted") dentro del cuerpo de una respuesta HTTP, lo que facilita a atacantes remotos obtener información confidencial interceptando el tráfico de red, tal como se ha demostrado por el manejo de las contraseñas en client@2/domain@1/odbc/dsn@1/properties/. • http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72322 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •