ID

VAR-190001-0747


TITLE

Parallels Plesk Panel input validation vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201110-411

DESCRIPTION

Parallels Plesk Panel is prone to multiple cross-site scripting vulnerabilities and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Trust: 0.3

sources: BID: 49887

AFFECTED PRODUCTS

vendor: parallels, model: plesk panel, scope: eq, version: 9.5

Trust: 0.3

vendor: parallels, model: plesk panel, scope: eq, version: 9.3

Trust: 0.3

vendor: parallels, model: plesk panel, scope: eq, version: 10.2

Trust: 0.3

vendor: parallels, model: plesk panel, scope: eq, version: 10.1

Trust: 0.3

vendor: parallels, model: plesk panel, scope: eq, version: 10.0

Trust: 0.3

vendor: parallels, model: plesk panel, scope: ne, version: 10.3

Trust: 0.3

sources: BID: 49887

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-411

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201110-411

EXTERNAL IDS

db: BID, id: 49887

Trust: 0.9

db: CNNVD, id: CNNVD-201110-411

Trust: 0.6

sources: BID: 49887 // CNNVD: CNNVD-201110-411

REFERENCES

url: http://www.securityfocus.com/bid/49887

Trust: 0.6

url: http://www.parallels.com/products/plesk/

Trust: 0.3

url: http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html

Trust: 0.3

url: http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html

Trust: 0.3

sources: BID: 49887 // CNNVD: CNNVD-201110-411

CREDITS

David Hoyt

Trust: 0.9

sources: BID: 49887 // CNNVD: CNNVD-201110-411

SOURCES

db: BID, id: 49887
db: CNNVD, id: CNNVD-201110-411

LAST UPDATE DATE

2022-05-17T02:02:15.495000+00:00


SOURCES UPDATE DATE

db: BID, id: 49887, date: 2011-09-30T00:00:00
db: CNNVD, id: CNNVD-201110-411, date: 2011-10-20T00:00:00

SOURCES RELEASE DATE

db: BID, id: 49887, date: 2011-09-30T00:00:00
db: CNNVD, id: CNNVD-201110-411, date: 1900-01-01T00:00:00