CVE-2011-4849

CVE Database · CVE-2011-4849

CVE-2011-4849

· N/AModified

CVSS v3.1

N/A

EPSS

1.05%

Published

Dec 16, 2011

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by help.php and certain other files.

Weaknesses (CWE)

CWE-200

Affected Products (3)

parallels · parallels_plesk_panelvulnerable

microsoft · windows_2003_server

microsoft · windows_server_2008

References (4)

http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/72224

http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/72224

KEV Catalog EPSS Scores Vendors All CVEs