Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by Wizard/Edit/Modules/ImageGallery/MultiImagesUpload and certain other files.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Parallels Plesk Small Business Panel信息泄露漏洞
Vulnerability Description
Parallels Plesk Small Business Panel 10.2.0版本的Site Editor (也称为SiteBuilder)功能中存在漏洞,此功能在cookie的Set-Cookie头中未包含HTTPOnly标志。远程攻击者可借助访问该cookie的脚本获取敏感信息,该漏洞已在Wizard/Edit/Modules/ImageGallery/MultiImagesUpload和某些其他文件使用的cookies中被证实。
CVSS Information
N/A
Vulnerability Type
N/A