CVE-2011-4726

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.2.0 build1011110331.18

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script. Specifically, the admin/health/ endpoint and certain other files are affected.

Recommendations For Parallels Plesk Panel version 10.2.0 build1011110331.18, consider restricting access to the Server Administration Panel until a fix is available. As a temporary workaround, avoid using the affected PHP scripts, such as those related to the admin/health/ endpoint, to minimize the risk of exploitation.