Vulnerability Details : CVE-2011-4852
Potential exploit
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
Products affected by CVE-2011-4852
- cpe:2.3:a:parallels:parallels_plesk_panel:10.4.4_build20111103.18:*:*:*:*:*:*:*
  When used together with: Microsoft » Windows 2003 Server
Exploit prediction scoring system (EPSS) score for CVE-2011-4852
0.23%
Probability of exploitation activity in the next 30 days
~43%
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-4852
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2011-4852
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4852
-
http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html
CVE-2011-4776, CVE-2011-4777, XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, Parallels Plesk Panel v10.4.4_build20111103.18 os_Windows 2003/2008 (Exploit)
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/72095
Parallels Plesk Panel external links information disclosure CVE-2011-4852 Vulnerability Report