CVE-2011-4850
Parallels Plesk Panel 10.4.4_build20111103.18 - Exposure of Sensitive Information via Missing HTTPOnly Cookie Flag
Title source: llmDescription
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files.
References (1)
Core 1
Core References
Scores
EPSS
0.0107
EPSS Percentile
60.8%
Details
CWE
CWE-200
Status
published
Products (1)
parallels/parallels_plesk_panel
10.4.4_build20111103.18
Published
Dec 16, 2011
Tracked Since
Feb 18, 2026