Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
oryginał ENCVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:NDirectadmin
APPDirectadmin1.403
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje
Powiązane podatności
CVE-2017-18045CRITICAL9.8ten sam produkt
JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers t...
CVE-2025-56551HIGH8.2ten sam produkt
An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the leg...
CVE-2019-9625HIGH8.8ten sam produkt
JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.
CVE-2009-1525HIGH8.5ten sam produkt
CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shel...
CVE-2019-11193MEDIUM6.1ten sam produkt
The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD...