Parallels Parallels Plesk Panel — known CVE vulnerabilities
Every CVE whose affected-product data names Parallels Parallels Plesk Panel, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (42)
CVE-2011-4743 — CVSS 10.0 (critical): The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 omits the Content-Type header's charset parameter for certain…
CVE-2011-4739 — CVSS 10.0 (critical): The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates a password form field without disabling the autocomplete…
CVE-2011-4727 — CVSS 10.0 (critical): The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended…
CVE-2011-4732 — CVSS 10.0 (critical): The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for…
CVE-2011-4733 — CVSS 10.0 (critical): The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 sends incorrect Content-Type headers for certain…
CVE-2011-4749 — CVSS 10.0 (critical): The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete…
CVE-2011-4744 — CVSS 10.0 (critical): The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 sends incorrect Content-Type headers for certain resources, which might…
CVE-2011-4730 — CVSS 10.0 (critical): The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 generates a password form field without disabling the…
CVE-2011-4855 — CVSS 9.3 (critical): The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 omits the Content-Type header's charset parameter for certain resources…
CVE-2011-4854 — CVSS 9.3 (critical): The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not ensure that Content-Type HTTP headers match the corresponding…
CVE-2011-4856 — CVSS 9.3 (critical): The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sends incorrect Content-Type headers for certain resources, which might…
CVE-2011-4851 — CVSS 9.3 (critical): The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete…
CVE-2011-4725 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote…
CVE-2011-4734 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to…
CVE-2011-4847 — CVSS 7.5 (high): SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute…
CVE-2012-1557 — CVSS 7.5 (high): SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11…
CVE-2013-4878 — CVSS 7.5 (high): The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper…
CVE-2013-0133 — CVSS 7.2 (high): Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain…
CVE-2013-0132 — CVSS 6.8 (medium): The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote…
CVE-2019-18793 — CVSS 6.1 (medium): Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter.
CVE-2011-4746 — CVSS 5.0 (medium): The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not disable the SSL 2.0 protocol, which makes it easier for…
CVE-2011-4747 — CVSS 5.0 (medium): The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 does not prevent the use of weak ciphers for SSL sessions, which…
CVE-2011-4748 — CVSS 5.0 (medium): The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 has web pages containing e-mail addresses that are not intended for…
CVE-2011-4742 — CVSS 5.0 (medium): The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for…
CVE-2011-4737 — CVSS 5.0 (medium): The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a submitted password within an HTTP response body, which…
CVE-2011-4736 — CVSS 5.0 (medium): The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote…
CVE-2011-4731 — CVSS 5.0 (medium): The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 includes an RFC 1918 IP address within a web page, which…
CVE-2011-4729 — CVSS 5.0 (medium): The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie…
CVE-2011-4728 — CVSS 5.0 (medium): The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https…
CVE-2011-4738 — CVSS 5.0 (medium): The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie…
CVE-2011-4741 — CVSS 5.0 (medium): The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 includes a database connection string within a web page, which allows…
CVE-2011-4735 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote…
CVE-2011-4852 — CVSS 4.3 (medium): The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET…
CVE-2011-4853 — CVSS 4.3 (medium): The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote…
CVE-2011-4745 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 allow remote…
CVE-2011-4740 — CVSS 4.3 (medium): The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 generates web pages containing external links in response to GET…
CVE-2011-4726 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18…
CVE-2011-4777 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18…
CVE-2011-4776 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allow remote…
CVE-2011-4848 — CVSS 4.3 (medium): The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows…
CVE-2011-4849 — CVSS 4.3 (medium): The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not set the secure flag for a cookie in an https session, which…
CVE-2011-4850 — CVSS 4.3 (medium): The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie…