CVE-2011-4749 Information

Description

The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation as demonstrated by forms on certain pages under admin/index.php/default.

Reference

http://xss.cx/examples/plesk-reports/plesk-parallels-controlpanel-psa.v.10.3.1_build1013110726.0920os_redhat.el6-billing-system-plugin-javascript-injection-example-poc-report.html https://exchange.xforce.ibmcloud.com/vulnerabilities/72260