CVE-2011-4728

Parallels Plesk Panel 10.2.0_build101110331.18 - Exposure of Sensitive Information via Insecure Cookie Transmission

Title source: llm
STIX 2.1

Description

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files.

Scores

EPSS 0.0116
EPSS Percentile 63.3%

Details

CWE
CWE-200
Status published
Products (1)
parallels/parallels_plesk_panel 10.2.0_build1011110331.18
Published Dec 16, 2011
Tracked Since Feb 18, 2026