CVE-2006-5983
Published 2006-11-20
CVE-2006-5983: Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML…
Priority P4 · 23 · medium · CVSS 2.0 score 6
CVSS 2.0 vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 1.76% (75.2th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| directadmin | directadmin | — | — |
GHSA
GHSA-p77v-j929-9938 [MEDIUM] CWE-79 (ghsa_unreviewed · 2022-05-01): Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1
Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level.
GHSA
GHSA-pqc5-6q65-965r [MEDIUM] CWE-79 · CVE-2007-1508 (ghsa_unreviewed · 2022-05-01 · CVSS 6.0): Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESUL
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983.
No detection rules found.
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_VACATION_MODIFY' Cross-Site Scripting (exploitdb · 2006-11-12 · CVE-2006-5983)
---
source: https://www.securityfocus.com/bid/21049/info
DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Versions 1.28.1 and 2.29 are vulnerable; other versions may also be affected.
http://www.example.com:2222/CMD_EMAIL_VACATION_MODIFY?DOMAIN=demo.com&user=XSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_FORWARDER_MODIFY' Cross-Site Scripting (exploitdb · 2006-11-12 · CVE-2006-5983)
---
source: https://www.securityfocus.com/bid/21049/info
http://www.example.com:2222/CMD_EMAIL_FORWARDER_MODIFY?DOMAIN=demo.com&user=XSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_LIST' Cross-Site Scripting (exploitdb · 2006-11-12 · CVE-2006-5983)
---
source: https://www.securityfocus.com/bid/21049/info
http://www.example.com:2222/CMD_EMAIL_LIST?action=view&DOMAIN=demo.com&name=XSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_TICKET_CREATE' Cross-Site Scripting (exploitdb · 2006-11-12 · CVE-2006-5983)
---
source: https://www.securityfocus.com/bid/21049/info
http://www.example.com:2222/CMD_TICKET_CREATE?TYPE=XSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_FTP_SHOW' Cross-Site Scripting (exploitdb · 2006-11-12 · CVE-2006-5983)
---
source: https://www.securityfocus.com/bid/21049/info
http://www.example.com:2222/CMD_FTP_SHOW?DOMAIN=demo.com&user=XSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_TICKET' Cross-Site Scripting (exploitdb · 2006-11-12 · CVE-2006-5983)
---
source: https://www.securityfocus.com/bid/21049/info
http://www.example.com:2222/CMD_TICKET?action=view&number=000000044&type=XSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_SHOW_USER' Cross-Site Scripting (exploitdb · 2006-11-12 · CVE-2006-5983)
---
source: https://www.securityfocus.com/bid/21049/info
http://www.example.com:2222/CMD_SHOW_USER?user=XSS
Exploit-DB
DirectAdmin 1.28/1.29 - 'CMD_SHOW_RESELLER' Cross-Site Scripting (exploitdb · 2006-11-12 · CVE-2006-5983)
---
source: https://www.securityfocus.com/bid/21049/info
http://www.example.com:2222/CMD_SHOW_RESELLER?user=XSS
No writeups or analysis indexed.
References
- http://aria-security.net/advisory/directadmin.txt
- http://securityreason.com/securityalert/1885
- http://www.securityfocus.com/archive/1/451376/100/0/threaded
- http://www.securityfocus.com/bid/21049
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30256