ID

VAR-201112-0257


CVE

CVE-2011-4764


TITLE

Parallels Plesk Small Business Panel Multiple Cross-Site Scripting Vulnerabilities

Trust: 1.6

sources: IVD: 4d76edd0-2354-11e6-abef-000c29c66e3d // IVD: 7d719331-463f-11e9-8d17-000c29342cb1 // CNVD: CNVD-2011-5622 // CNNVD: CNNVD-201112-325

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files.

Trust: 2.79

sources: NVD: CVE-2011-4764 // JVNDB: JVNDB-2011-003451 // CNVD: CNVD-2011-5622 // BID: 73850 // IVD: 4d76edd0-2354-11e6-abef-000c29c66e3d // IVD: 7d719331-463f-11e9-8d17-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: 4d76edd0-2354-11e6-abef-000c29c66e3d // IVD: 7d719331-463f-11e9-8d17-000c29342cb1 // CNVD: CNVD-2011-5622

AFFECTED PRODUCTS

vendor: parallels, model: plesk small business panel, scope: eq, version: 10.2.0

Trust: 2.4

vendor: parallels, model: plesk panel, scope: eq, version: 10.0

Trust: 0.6

vendor: parallels plesk small business panel, model: -, scope: eq, version: 10.2.0

Trust: 0.4

vendor: parallels, model: plesk small business panel, scope: eq, version: 10.2

Trust: 0.3

sources: IVD: 4d76edd0-2354-11e6-abef-000c29c66e3d // IVD: 7d719331-463f-11e9-8d17-000c29342cb1 // CNVD: CNVD-2011-5622 // BID: 73850 // JVNDB: JVNDB-2011-003451 // CNNVD: CNNVD-201112-325 // NVD: CVE-2011-4764

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4764
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4764
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2011-5622
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201112-325
value: MEDIUM

Trust: 0.6

IVD: 4d76edd0-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 7d719331-463f-11e9-8d17-000c29342cb1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2011-4764
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2011-5622
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4d76edd0-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d719331-463f-11e9-8d17-000c29342cb1
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 4d76edd0-2354-11e6-abef-000c29c66e3d // IVD: 7d719331-463f-11e9-8d17-000c29342cb1 // CNVD: CNVD-2011-5622 // JVNDB: JVNDB-2011-003451 // CNNVD: CNNVD-201112-325 // NVD: CVE-2011-4764

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2011-003451 // NVD: CVE-2011-4764

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-325

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201112-325

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003451

PATCH

title: Parallels Small Business Panel, url: http://www.parallels.com/products/small-business-panel/documentation/

Trust: 0.8

title: Patch for multiple cross-site scripting vulnerabilities in Parallels Plesk Small Business Panel, url: https://www.cnvd.org.cn/patchInfo/show/37455

Trust: 0.6

sources: CNVD: CNVD-2011-5622 // JVNDB: JVNDB-2011-003451

EXTERNAL IDS

db: NVD, id: CVE-2011-4764

Trust: 3.7

db: CNVD, id: CNVD-2011-5622

Trust: 1.0

db: CNNVD, id: CNNVD-201112-325

Trust: 1.0

db: XF, id: 72216

Trust: 0.9

db: JVNDB, id: JVNDB-2011-003451

Trust: 0.8

db: BID, id: 73850

Trust: 0.3

db: IVD, id: 4D76EDD0-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: 7D719331-463F-11E9-8D17-000C29342CB1

Trust: 0.2

sources: IVD: 4d76edd0-2354-11e6-abef-000c29c66e3d // IVD: 7d719331-463f-11e9-8d17-000c29342cb1 // CNVD: CNVD-2011-5622 // BID: 73850 // JVNDB: JVNDB-2011-003451 // CNNVD: CNNVD-201112-325 // NVD: CVE-2011-4764

REFERENCES

url:http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html

Trust: 1.9

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/72216

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/72216

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4764

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4764

Trust: 0.8

sources: CNVD: CNVD-2011-5622 // BID: 73850 // JVNDB: JVNDB-2011-003451 // CNNVD: CNNVD-201112-325 // NVD: CVE-2011-4764

CREDITS

Unknown

Trust: 0.3

sources: BID: 73850

SOURCES

db: IVD, id: 4d76edd0-2354-11e6-abef-000c29c66e3d
db: IVD, id: 7d719331-463f-11e9-8d17-000c29342cb1
db: CNVD, id: CNVD-2011-5622
db: BID, id: 73850
db: JVNDB, id: JVNDB-2011-003451
db: CNNVD, id: CNNVD-201112-325
db: NVD, id: CVE-2011-4764

LAST UPDATE DATE

2025-04-11T22:49:49.884000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-5622, date: 2011-12-19T00:00:00
db: BID, id: 73850, date: 2011-12-16T00:00:00
db: JVNDB, id: JVNDB-2011-003451, date: 2011-12-20T00:00:00
db: CNNVD, id: CNNVD-201112-325, date: 2011-12-19T00:00:00
db: NVD, id: CVE-2011-4764, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: IVD, id: 4d76edd0-2354-11e6-abef-000c29c66e3d, date: 2011-12-19T00:00:00
db: IVD, id: 7d719331-463f-11e9-8d17-000c29342cb1, date: 2011-12-19T00:00:00
db: CNVD, id: CNVD-2011-5622, date: 2011-12-19T00:00:00
db: BID, id: 73850, date: 2011-12-16T00:00:00
db: JVNDB, id: JVNDB-2011-003451, date: 2011-12-20T00:00:00
db: CNNVD, id: CNNVD-201112-325, date: 2011-12-19T00:00:00
db: NVD, id: CVE-2011-4764, date: 2011-12-16T11:55:12.033