漏洞标题
N/A
漏洞描述信息
Parallels Plesk Small Business Panel 10.2.0中的Site Editor(aka SiteBuilder)功能对某些资源(如Content-Type)的字符集参数省略了,这可能导致远程攻击者通过利用涉及 Wizard/Edit/Modules/Image 等文件的解释冲突,产生未指定的影响。注意:这个漏洞可能只对客户端产生影响,而不是 Plesk 产品。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving Wizard/Edit/Modules/Image and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Parallels Plesk Small Business Panel设计错误漏洞
漏洞描述信息
Parallels Plesk Small Business Panel 10.2.0版本中的Site Editor (也称为SiteBuilder)功能中存在漏洞,该功能删除了某些资源Content-Type头的charset参数。远程攻击者可通过利用涉及包含Wizard/Edit/Modules/Image和某些其他文件的解释冲突导致未明影响。
CVSS信息
N/A
漏洞类别
授权问题