DirectAdmin <= v1.30.2 XSS vuln.
Vuln. discovered by : r0t Date: 10 September 2007 vendor:http://www.directadmin.com/ orginal advisory: http://pridels-team.blogspot.com/2007/09/directadmin-v1302-xss-vuln.html affected versions:v1.30.2 and previous
DirectAdmin contains a flaw that allows a remote Cross-Site Scripting attacks.Input passed to the "user" parameter in "CMD_BANDWIDTH_BREAKDOWN" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Solution: Filter malicious characters and character sequences in a web proxy.