CVE-2011-4848

CVE Database · CVE-2011-4848

CVE-2011-4848

· N/AModified

CVSS v3.1

N/A

EPSS

1.05%

Published

Dec 16, 2011

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in certain files under client@1/domain@1/backup/local-repository/.

Weaknesses (CWE)

CWE-200

Affected Products (3)

parallels · parallels_plesk_panelvulnerable

microsoft · windows_2003_server

microsoft · windows_server_2008

References (4)

http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/72223

http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/72223

KEV Catalog EPSS Scores Vendors All CVEs