Article ID: 11224, created on Apr 4, 2011, last review on May 10, 2014

  • Applies to:
  • Plesk 8.2 for Linux/Unix
  • Plesk 8.1 for Linux/Unix
  • Plesk 8.0 for Linux/Unix
  • Plesk 7.5.x Reloaded
  • Plesk 7.1.x Reloaded
  • Plesk 7.0.x
  • Plesk 8.2 for Windows
  • Plesk 8.1 for Windows
  • Plesk 7.x for Windows


Parallels Plesk Panel is vulnerable to Open URL Redirection when "Enable" access format is enabled.


Disable option "@domain".

Additional information

URL Redirection Vulnerability is a URL spoofing attack, i.e. you go to and get (it's supposed that you are blind and miss real URL in browser address line).

aa571057eefb4e790d223bad9e05ace1 a914db3fdc7a53ddcfd1b2db8f5a1b9c 29d1e90fd304f01e6420fbe60f66f838 c45acecf540ecd42a4bbfb242ce02b1d 85a92ca67f2200d36506862eaa6ed6b8 097728dc0a325f6309aa7a3997d4cacc d3cd9f1770da96e5b5046d20def9f8eb b8ef5052d936e902043e41759118114e c0c38d2367acfa8909699e0b34b01dea 583c136e45a1f548d12213fea9b7833d 7000fbc03a7e92b93bc676a7c04a4ce6 5dd10e4b1e2dd7a2aa8a50c580dd41a2 47085b48068f187235a1eb6bafa960e5 b23c51a6195823476e308cc12db2be0e 56797cefb1efc9130f7c48a7d1db0f0c

Email subscription for changes to this article
Save as PDF