DirectAdmin CMD_EMAIL_VACATION_MODIFY user Variable XSS

2006-11-12T17:20:38
ID OSVDB:32674
Type osvdb
Reporter OSVDB
Modified 2006-11-12T17:20:38

Description

Technical Description

Exploitation requires user authentication.

Manual Testing Notes

http://[target]:2222/CMD_EMAIL_VACATION_MODIFY?DOMAIN=demo.com&user=XSS

References:

Related OSVDB ID: 32675
Related OSVDB ID: 32669
Related OSVDB ID: 32670
Related OSVDB ID: 32672
Related OSVDB ID: 32673
Related OSVDB ID: 32671
Related OSVDB ID: 32676
Other Advisory URL: http://aria-security.net/advisory/directadmin.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-11/0204.html
ISS X-Force ID: 30256
CVE-2006-5983
Bugtraq ID: 21049