CVE-2011-4850

Parallels Plesk Panel 10.4.4_build20111103.18 - Exposure of Sensitive Information via Missing HTTPOnly Cookie Flag

Title source: llm
STIX 2.1

Description

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files.

Scores

EPSS 0.0107
EPSS Percentile 60.8%

Details

CWE
CWE-200
Status published
Products (1)
parallels/parallels_plesk_panel 10.4.4_build20111103.18
Published Dec 16, 2011
Tracked Since Feb 18, 2026