CVE-2011-4745

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.3.1 build1013110726.09

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the billing system. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script. This is demonstrated by files such as admin/index.php/default and certain other files.

Recommendations For Parallels Plesk Panel version 10.3.1 build1013110726.09, consider restricting access to the billing system until a fix is available. As a temporary workaround, avoid using the vulnerable PHP scripts, such as those accessed through admin/index.php/default, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.