Unrated severityNVD Advisory· Published Dec 16, 2011· Updated Apr 29, 2026

CVE-2011-4749

Description

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms on certain pages under admin/index.php/default.

Affected products

Parallels/Parallels Plesk Panel
cpe:2.3:a:parallels:parallels_plesk_panel:10.3.1_build1013110726.09:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.09%20os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/72260nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000