Lucene search

[email protected]NVD:CVE-2006-5983

HistoryNov 20, 2006 - 9:07 p.m.

CVE-2006-5983

2006-11-2021:07:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

5.4

Confidence

High

EPSS

0.007

Percentile

80.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to © CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level.

Affected configurations

Nvd

Node

jbmc_softwaredirectadminMatch1.28.1

VendorProductVersionCPE
jbmc_softwaredirectadmin1.28.1cpe:2.3:a:jbmc_software:directadmin:1.28.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jbmc_software	directadmin	1.28.1	cpe:2.3:a:jbmc_software:directadmin:1.28.1:::::::*

References

aria-security.net/advisory/directadmin.txt

securityreason.com/securityalert/1885

www.securityfocus.com/archive/1/451376/100/0/threaded

www.securityfocus.com/bid/21049

exchange.xforce.ibmcloud.com/vulnerabilities/30256

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

5.4

Confidence

High

EPSS

0.007

Percentile

80.5%

JSON

Related for NVD:CVE-2006-5983

exploitdb8 cve2 cvelist2 prion1 nvd1