CVE-2011-4727

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.2.0 build1011110331.18

Description The issue concerns the Server Administration Panel in Parallels Plesk Panel, where it fails to properly validate string data intended for storage in an XML document. This can be exploited by remote attackers through a crafted REST URL parameter, potentially causing a denial of service due to a parsing error or having other unspecified impacts. This can be achieved by manipulating parameters to certain files, such as those accessed through the "admin/" endpoint.

Recommendations For Parallels Plesk Panel version 10.2.0 build1011110331.18, consider restricting access to the REST API endpoints, such as "admin/", to minimize the risk of exploitation until a proper fix is available. Additionally, avoid using crafted URL parameters that could trigger the parsing error or unspecified other impacts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.