CVE-2011-4735

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.2.0 build 20110407.20

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Control Panel of Parallels Plesk Panel. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script. Specifically, this can be demonstrated by exploiting the smb/user/create file, among others.

Recommendations For Parallels Plesk Panel version 10.2.0 build 20110407.20, consider restricting access to the Control Panel and avoid using the vulnerable PHP scripts until a fix is available. As a temporary workaround, restrict input to the smb/user/create and other affected files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.