Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by domains/sitebuilder_edit.php and certain other files.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2011-12-16T11:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2011-12-11T00:00:00
Link: CVE-2011-4756
JSON object: View
NVD Information
Status : Modified
Published: 2011-12-16T11:55:11.250
Modified: 2017-08-29T01:30:34.553
Link: CVE-2011-4756
JSON object: View
Redhat Information
No data.
CWE