VAR-201112-0257
Vulnerability from variot - Updated: 2025-04-11 22:49Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files. As evidenced in Wizard/Edit/Modules/Image and some other files
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0257",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "plesk small business panel",
"scope": "eq",
"trust": 2.4,
"vendor": "parallels",
"version": "10.2.0"
},
{
"model": "plesk panel",
"scope": "eq",
"trust": 0.6,
"vendor": "parallels",
"version": "10.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "parallels plesk small business panel",
"version": "10.2.0"
},
{
"model": "plesk small business panel",
"scope": "eq",
"trust": 0.3,
"vendor": "parallels",
"version": "10.2"
}
],
"sources": [
{
"db": "IVD",
"id": "4d76edd0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d719331-463f-11e9-8d17-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5622"
},
{
"db": "BID",
"id": "73850"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003451"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-325"
},
{
"db": "NVD",
"id": "CVE-2011-4764"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:parallels:parallels_plesk_small_business_panel",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003451"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "73850"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4764",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2011-4764",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2011-5622",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "4d76edd0-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "7d719331-463f-11e9-8d17-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-4764",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-4764",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2011-5622",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-325",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "4d76edd0-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d719331-463f-11e9-8d17-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4d76edd0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d719331-463f-11e9-8d17-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5622"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003451"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-325"
},
{
"db": "NVD",
"id": "CVE-2011-4764"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files. As evidenced in Wizard/Edit/Modules/Image and some other files",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4764"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003451"
},
{
"db": "CNVD",
"id": "CNVD-2011-5622"
},
{
"db": "BID",
"id": "73850"
},
{
"db": "IVD",
"id": "4d76edd0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d719331-463f-11e9-8d17-000c29342cb1"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4764",
"trust": 3.7
},
{
"db": "CNVD",
"id": "CNVD-2011-5622",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201112-325",
"trust": 1.0
},
{
"db": "XF",
"id": "72216",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003451",
"trust": 0.8
},
{
"db": "BID",
"id": "73850",
"trust": 0.3
},
{
"db": "IVD",
"id": "4D76EDD0-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D719331-463F-11E9-8D17-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4d76edd0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d719331-463f-11e9-8d17-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5622"
},
{
"db": "BID",
"id": "73850"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003451"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-325"
},
{
"db": "NVD",
"id": "CVE-2011-4764"
}
]
},
"id": "VAR-201112-0257",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4d76edd0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d719331-463f-11e9-8d17-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5622"
}
],
"trust": 1.52835563
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "4d76edd0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d719331-463f-11e9-8d17-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5622"
}
]
},
"last_update_date": "2025-04-11T22:49:49.884000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Parallels Small Business Panel",
"trust": 0.8,
"url": "http://www.parallels.com/products/small-business-panel/documentation/"
},
{
"title": "Patch for multiple cross-site scripting vulnerabilities in Parallels Plesk Small Business Panel",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/37455"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5622"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003451"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003451"
},
{
"db": "NVD",
"id": "CVE-2011-4764"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72216"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/72216"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4764"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4764"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5622"
},
{
"db": "BID",
"id": "73850"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003451"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-325"
},
{
"db": "NVD",
"id": "CVE-2011-4764"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4d76edd0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d719331-463f-11e9-8d17-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5622"
},
{
"db": "BID",
"id": "73850"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003451"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-325"
},
{
"db": "NVD",
"id": "CVE-2011-4764"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-19T00:00:00",
"db": "IVD",
"id": "4d76edd0-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-19T00:00:00",
"db": "IVD",
"id": "7d719331-463f-11e9-8d17-000c29342cb1"
},
{
"date": "2011-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5622"
},
{
"date": "2011-12-16T00:00:00",
"db": "BID",
"id": "73850"
},
{
"date": "2011-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003451"
},
{
"date": "2011-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-325"
},
{
"date": "2011-12-16T11:55:12.033000",
"db": "NVD",
"id": "CVE-2011-4764"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5622"
},
{
"date": "2011-12-16T00:00:00",
"db": "BID",
"id": "73850"
},
{
"date": "2011-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003451"
},
{
"date": "2011-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-325"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-4764"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-325"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Parallels Plesk Small Business Panel Multiple Cross-Site Scripting Vulnerabilities",
"sources": [
{
"db": "IVD",
"id": "4d76edd0-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d719331-463f-11e9-8d17-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5622"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-325"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-325"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…