Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4765


Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4765
Last Modified 17 Jan 2012 11:16:17
Published 16 Dec 2011 06:55:12
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by Wizard/Edit/Modules/ImageGallery/MultiImagesUpload and certain other files.

Vulnerable Systems


  • Parallels Plesk Small Business Panel 10.2.0



XF - ppsbp-httponlyflag-info-disc(72217)

Last Updated: 27 May 2016 10:57:56