CVE-2011-4755

Name of the Vulnerable Software and Affected Versions Parallels Plesk Small Business Panel version 10.2.0

Description The issue arises from improper validation of string data intended for storage in an XML document. This can be exploited by remote attackers through crafted cookies, potentially leading to a denial of service due to parsing errors or other unspecified impacts. Attackers can craft cookies to specific files, such as client@1/domain@1/hosting/file-manager/, to exploit this issue.

Recommendations For Parallels Plesk Small Business Panel version 10.2.0, consider restricting access to the file-manager and other sensitive files until a proper fix is available. As a temporary workaround, validate all string data intended for XML documents to prevent parsing errors.