Vulnerability Details CVE-2011-4748
The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by js/ajax/core/ajax.inc.js and certain other files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72261
- http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72261
Products affected by CVE-2011-4748
-
cpe:2.3:a:parallels:parallels_plesk_panel:10.3.1_build1013110726.09
-
cpe:2.3:o:redhat:enterprise_linux:6.0