CVE-2011-4776

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.4.4 build20111103.18

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Control Panel of Parallels Plesk Panel. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script. Specifically, this can be demonstrated by accessing certain files, such as "admin/update/settings/".

Recommendations For Parallels Plesk Panel version 10.4.4 build20111103.18, consider restricting access to the Control Panel and avoid using the vulnerable PHP scripts until a fix is available. As a temporary workaround, restrict input to the PHP scripts to minimize the risk of exploitation.