Parallels Plesk Panel XML External Entity Injection and Cross Site Scripting Vulnerabilities

Parallels Plesk Panel is prone to an XML External Entity injection vulnerability and a cross-site scripting vulnerability.

Attackers can exploit these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Parallels Plesk Panel 10.4.4 and 11.0.9 are vulnerable; other versions may also be vulnerable.


 

Copyright 2010, SecurityFocus