VAR-201406-0490
Vulnerability from variot - Updated: 2022-05-17 02:03Parallels Plesk Panel is a host control panel solution from Parallels, USA. The solution supports web tools, built-in virtualization, customer experience, and more. An XML external entity injection vulnerability exists in Parallels Plesk Panel. An attacker could use this vulnerability to obtain sensitive information. Vulnerabilities exist in Parallels Plesk Panel 10.4.4 and 11.0.9. Other versions may also be affected. Attackers can exploit these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0490",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "plesk panel",
"scope": "eq",
"trust": 1.0,
"vendor": "parallels",
"version": "10.4.4"
}
],
"sources": [
{
"db": "IVD",
"id": "3fea3924-1ed1-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e2-463f-11e9-944c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-03746"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "z00",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-331"
}
],
"trust": 0.6
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-03746",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3fea3924-1ed1-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7822e2-463f-11e9-944c-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2014-03746",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3fea3924-1ed1-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d7822e2-463f-11e9-944c-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3fea3924-1ed1-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e2-463f-11e9-944c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-03746"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Parallels Plesk Panel is a host control panel solution from Parallels, USA. The solution supports web tools, built-in virtualization, customer experience, and more. \nAn XML external entity injection vulnerability exists in Parallels Plesk Panel. An attacker could use this vulnerability to obtain sensitive information. Vulnerabilities exist in Parallels Plesk Panel 10.4.4 and 11.0.9. Other versions may also be affected. \nAttackers can exploit these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03746"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-331"
},
{
"db": "BID",
"id": "68030"
},
{
"db": "IVD",
"id": "3fea3924-1ed1-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e2-463f-11e9-944c-000c29342cb1"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "68030",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2014-03746",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201406-331",
"trust": 0.6
},
{
"db": "IVD",
"id": "3FEA3924-1ED1-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D7822E2-463F-11E9-944C-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3fea3924-1ed1-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e2-463f-11e9-944c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-03746"
},
{
"db": "BID",
"id": "68030"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-331"
}
]
},
"id": "VAR-201406-0490",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3fea3924-1ed1-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e2-463f-11e9-944c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-03746"
}
],
"trust": 1.47077376
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "3fea3924-1ed1-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e2-463f-11e9-944c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-03746"
}
]
},
"last_update_date": "2022-05-17T02:03:21.368000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/68030"
},
{
"trust": 0.6,
"url": "http://makthepla.net/blog/=/plesk"
},
{
"trust": 0.3,
"url": "http://www.parallels.com/products/plesk/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03746"
},
{
"db": "BID",
"id": "68030"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-331"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3fea3924-1ed1-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e2-463f-11e9-944c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-03746"
},
{
"db": "BID",
"id": "68030"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-331"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-19T00:00:00",
"db": "IVD",
"id": "3fea3924-1ed1-11e6-abef-000c29c66e3d"
},
{
"date": "2014-06-19T00:00:00",
"db": "IVD",
"id": "7d7822e2-463f-11e9-944c-000c29342cb1"
},
{
"date": "2014-06-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03746"
},
{
"date": "2014-06-13T00:00:00",
"db": "BID",
"id": "68030"
},
{
"date": "2014-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-331"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03746"
},
{
"date": "2014-06-20T00:04:00",
"db": "BID",
"id": "68030"
},
{
"date": "2014-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-331"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-331"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Parallels Plesk Panel XML External entity injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "3fea3924-1ed1-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7822e2-463f-11e9-944c-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2014-03746"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-331"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-331"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…