CVE-2011-4851

CVE Database · CVE-2011-4851

CVE-2011-4851

· N/AModified

CVSS v3.1

N/A

EPSS

2.04%

Published

Dec 16, 2011

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in server/google-tools/ and certain other files.

Weaknesses (CWE)

CWE-255

Affected Products (3)

parallels · parallels_plesk_panelvulnerable

microsoft · windows_2003_server

microsoft · windows_server_2008

References (4)

http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/72226

http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/72226

KEV Catalog EPSS Scores Vendors All CVEs