CVE-2011-4847

CVE Database · CVE-2011-4847

CVE-2011-4847

· N/AModified

CVSS v3.1

N/A

EPSS

0.69%

Published

Dec 16, 2011

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/.

Weaknesses (CWE)

CWE-89

Affected Products (3)

parallels · parallels_plesk_panelvulnerable

microsoft · windows_2003_server

microsoft · windows_server_2008

References (4)

http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/72222

http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/72222

KEV Catalog EPSS Scores Vendors All CVEs