Unrated severityNVD Advisory· Published Mar 16, 2009· Updated Apr 23, 2026

CVE-2008-6479

Description

Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd.

Affected products

Parallels/Parallels Virtuozzo
cpe:2.3:a:parallels:parallels_virtuozzo:25.4swsoft:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/28593nvdExploit
secunia.com/advisories/29675nvdVendor Advisory
osvdb.org/44394nvd
px.dynalias.org/files/virtuozzo_pwd.html.txtnvd
www.securityfocus.com/archive/1/490409/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/41638nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000