CVE-2011-4728
Parallels Plesk Panel 10.2.0_build101110331.18 - Exposure of Sensitive Information via Insecure Cookie Transmission
Title source: llmDescription
The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files.
References (2)
Core 2
Core References
Various Sources x_refsource_misc
http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72331
Scores
EPSS
0.0116
EPSS Percentile
63.3%
Details
CWE
CWE-200
Status
published
Products (1)
parallels/parallels_plesk_panel
10.2.0_build1011110331.18
Published
Dec 16, 2011
Tracked Since
Feb 18, 2026