DirectAdmin <= v1.30.2 XSS vuln.

Type securityvulns
Reporter Securityvulns
Modified 2007-09-11T00:00:00


DirectAdmin <= v1.30.2 XSS vuln.

Vuln. discovered by : r0t Date: 10 September 2007 vendor: orginal advisory: affected versions:v1.30.2 and previous

DirectAdmin contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "user" parameter in "CMD_BANDWIDTH_BREAKDOWN" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution: Filter malicious characters and character sequences in a web proxy.