(From sqlhacker)
http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html
RXSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, Plesk
Control Panel Version 20110407.20Report generated by XSS.CX
at Tue May 24 05:40:53 CDT 2011 with respect to Plesk CPANEL for Windows
Build 20110407.20 on Windows 2008 R2 Server, 64 Bit
Plesk SMB 10.2 for Windows Report of October
2010
| Plesk SMB 10.2 - Site Editor for Windows Report of October
2010
------------------------------
Executive SummaryParallels Plesk Control Panel for Windows is vulnerable to
XSS and other injection vulnerabilities beginning with a user of least-privs
when logged into the Control Panel. Various exploit are possible from XSS to
DoS. This report is specific to proving CWE-79, XSS as a user of least
authentication within the Control Panel Application. Initially reported
(privately) to Plesk in October 2010 in Parallels Ticket #1020740, these
vulnerabilities, and others, still exist in the current releases of the
Control Panel Products.[image: XSS in Parallels Plesk Control Panel 10.2 for
Windows, XSS, DORK, GHDB, Cross Site Scripting, CWE-79,
CAPEC-86]
------------------------------
CPanel Application Crash[image: XSS in Parallels Plesk Control Panel 10.2
for Windows, XSS, DORK, GHDB, Cross Site Scripting, CWE-79,
CAPEC-86]
------------------------------
*Stored XSS PoC*[image: XSS in Parallels Plesk Control Panel 10.2 for
Windows, XSS, DORK, GHDB, Cross Site Scripting, CWE-79,
CAPEC-86]Plesk
Control Panel Version 20110407.20
*Application Crash*
[image: XSS in Parallels Plesk Control Panel 10.2 for Windows, XSS, DORK,
GHDB, Cross Site Scripting, CWE-79,
CAPEC-86]Plesk
Control Panel Version 20110407.20
Immunity Debugger Screen Grab of W3P.EXE Program Termination, Call Stack,
Registers, PHP5ts
[image: XSS in Parallels Plesk Control Panel 10.2 for Windows, XSS, DORK,
GHDB, Cross Site Scripting, CWE-79,
CAPEC-86]