Parallels Virtuozzo Containers VZPP Interface File Manger Cross-Site Request Forgery Vulnerability

Parallels Virtuozzo Containers VZPP Interface File Manger Cross-Site Request Forgery Vulnerability

Parallels Virtuozzo Containers is prone to a cross-site request-forgery vulnerability.

Exploiting the issue will allow a remote attacker to use a victim's currently active session to perform certain file-management actions with the privileges of the user running the application. Successful exploits will compromise affected computers.

Virtuozzo Containers 3.0.0-25.4.swsoft and 4.0.0-365.6.swsoft are vulnerable; other versions are also affected.