Vulnerability Description
Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies to client@1/domain@1/hosting/file-manager/ and certain other files.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Parallels | Parallels Plesk Small Business Panel | 10.2.0 |
Related Weaknesses (CWE)
References
- http://xss.cx/examples/plesk-reports/plesk-10.2.0.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72207
- http://xss.cx/examples/plesk-reports/plesk-10.2.0.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72207
FAQ
What is CVE-2011-4755?
CVE-2011-4755 is a vulnerability with a CVSS score of 10.0 (HIGH). Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing ...
How severe is CVE-2011-4755?
CVE-2011-4755 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4755?
Check the references section above for vendor advisories and patch information. Affected products include: Parallels Parallels Plesk Small Business Panel.