1. CVE-Search
  2. CVE-2006-5983
ID CVE-2006-5983
Summary Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level.
References
Vulnerable Configurations
  • cpe:2.3:a:jbmc_software:directadmin:1.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:jbmc_software:directadmin:1.28.1:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 17-10-2018 - 21:46)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
refmap via4
bid 21049
bugtraq 20061112 DirectAdmin Multiple Cross Site Scription
misc http://aria-security.net/advisory/directadmin.txt
sreason 1885
xf directadmin-user-xss(30256)
Last major update 17-10-2018 - 21:46
Published 20-11-2006 - 21:07
Last modified 17-10-2018 - 21:46
Back to Top