CVE-2011-4749

2011-12-1611:00:00

mitre

www.cve.org

AI Score

Confidence

Low

EPSS

0.005

Percentile

77.4%

JSON

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms on certain pages under admin/index.php/default.

References

xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html

exchange.xforce.ibmcloud.com/vulnerabilities/72260