CVE-2006-5983 - Cross-Site Scripting vulnerability in JBMC Software DirectAdmin 1.28.1

CVSS 6.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
network
jbmc-software
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level.

Vulnerable Configurations

Part Description Count
Application Jbmc_Software 1

Exploit-DB

  • description: DirectAdmin 1.28/1.29 CMD_EMAIL_VACATION_MODIFY user Parameter XSS. CVE-2006-5983. Webapps exploit for php platform
    id: EDB-ID:29004
    last seen: 2016-02-03
    modified: 2006-11-12
    published: 2006-11-12
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29004/
    title: DirectAdmin 1.28/1.29 CMD_EMAIL_VACATION_MODIFY user Parameter XSS
  • description: DirectAdmin 1.28/1.29 CMD_FTP_SHOW DOMAIN Parameter XSS. CVE-2006-5983. Webapps exploit for php platform
    id: EDB-ID:29006
    last seen: 2016-02-03
    modified: 2006-11-12
    published: 2006-11-12
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29006/
    title: DirectAdmin 1.28/1.29 CMD_FTP_SHOW DOMAIN Parameter XSS
  • description: DirectAdmin 1.28/1.29 CMD_EMAIL_FORWARDER_MODIFY user Parameter XSS. CVE-2006-5983. Webapps exploit for php platform
    id: EDB-ID:29002
    last seen: 2016-02-03
    modified: 2006-11-12
    published: 2006-11-12
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29002/
    title: DirectAdmin 1.28/1.29 CMD_EMAIL_FORWARDER_MODIFY user Parameter XSS
  • description: DirectAdmin 1.28/1.29 CMD_EMAIL_LIST name Parameter XSS. CVE-2006-5983. Webapps exploit for php platform
    id: EDB-ID:29005
    last seen: 2016-02-03
    modified: 2006-11-12
    published: 2006-11-12
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29005/
    title: DirectAdmin 1.28/1.29 CMD_EMAIL_LIST name Parameter XSS
  • description: DirectAdmin 1.28/1.29 CMD_SHOW_USER user Parameter XSS. CVE-2006-5983. Webapps exploit for php platform
    id: EDB-ID:29000
    last seen: 2016-02-03
    modified: 2006-11-12
    published: 2006-11-12
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29000/
    title: DirectAdmin 1.28/1.29 CMD_SHOW_USER user Parameter XSS
  • description: DirectAdmin 1.28/1.29 CMD_TICKET type Parameter XSS. CVE-2006-5983. Webapps exploit for php platform
    id: EDB-ID:29003
    last seen: 2016-02-03
    modified: 2006-11-12
    published: 2006-11-12
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29003/
    title: DirectAdmin 1.28/1.29 CMD_TICKET type Parameter XSS
  • description: DirectAdmin 1.28/1.29 CMD_SHOW_RESELLER user Parameter XSS. CVE-2006-5983. Webapps exploit for php platform
    id: EDB-ID:28999
    last seen: 2016-02-03
    modified: 2006-11-12
    published: 2006-11-12
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/28999/
    title: DirectAdmin 1.28/1.29 CMD_SHOW_RESELLER user Parameter XSS
  • description: DirectAdmin 1.28/1.29 CMD_TICKET_CREATE TYPE Parameter XSS. CVE-2006-5983. Webapps exploit for php platform
    id: EDB-ID:29001
    last seen: 2016-02-03
    modified: 2006-11-12
    published: 2006-11-12
    reporter: Aria-Security Team
    source: https://www.exploit-db.com/download/29001/
    title: DirectAdmin 1.28/1.29 CMD_TICKET_CREATE TYPE Parameter XSS