CVE-2011-4755

Parallels Plesk Small Business Panel 10.2.0 - XML External Entity Injection via Crafted Cookie

Title source: llm
STIX 2.1

Description

Parallels Plesk Small Business Panel 10.2.0 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted cookie, as demonstrated by cookies to client@1/domain@1/hosting/file-manager/ and certain other files.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72207

Scores

EPSS 0.0200
EPSS Percentile 78.5%

Details

CWE
CWE-20
Status published
Products (1)
parallels/parallels_plesk_small_business_panel 10.2.0
Published Dec 16, 2011
Tracked Since Feb 18, 2026