Directadmin Controlpanel 1.50.1 /CMD_SELECT_USERS location cross site scripting

Det var en problematiskt svag punkt upptäckts i Directadmin Controlpanel 1.50.1. Som påverkar en okänd funktion filen /CMD_SELECT_USERS. Det finns inga kända uppgifter om åtgärder. Användningen av en alternativ produkt är användbar.

Fält11/01/2017 15:0919/07/2020 12:57
vendorDirectadminDirectadmin
nameControlpanelControlpanel
version1.50.11.50.1
file/CMD_SELECT_USERS/CMD_SELECT_USERS
argumentlocationlocation
input_valueCMD_ALL_USER_SHOW'"><script>alert(/IrIsT.Ir/)</script>CMD_ALL_USER_SHOW'"><script>alert(/IrIsT.Ir/)</script>
risk11
cvss2_vuldb_basescore3.53.5
cvss2_vuldb_tempscore3.03.0
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss3_meta_basescore3.53.5
cvss3_meta_tempscore3.23.2
cvss3_vuldb_basescore3.53.5
cvss3_vuldb_tempscore3.23.2
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aNN
date1484006400 (10/01/2017)1484006400 (10/01/2017)
locationBugtraqBugtraq
typeMailinglist PostMailinglist Post
urlhttp://seclists.org/bugtraq/2017/Jan/12http://seclists.org/bugtraq/2017/Jan/12
identifierDirectadmin ControlPanel 1.50.1 Cross-Site-Scripting VulnerabilityDirectadmin ControlPanel 1.50.1 Cross-Site-Scripting Vulnerability
availability11
date1484006400 (10/01/2017)1484006400 (10/01/2017)
publicity11
urlhttp://seclists.org/bugtraq/2017/Jan/12http://seclists.org/bugtraq/2017/Jan/12
developer_nameAmirAmir
languageURLURL
price_0day$0-$5k$0-$5k
sourcecodehttp://ip:2222/CMD_SELECT_USERS?select3=irist.ir(site)&dosuspend=Suspend&reason=none&location=CMD_ALL_USER_SHOW'"><script>alert(/IrIsT.Ir/)</script>http://ip:2222/CMD_SELECT_USERS?select3=irist.ir(site)&dosuspend=Suspend&reason=none&location=CMD_ALL_USER_SHOW'"><script>alert(/IrIsT.Ir/)</script>
cvss2_vuldb_ePOCPOC
cvss2_vuldb_rlNDND
cvss2_vuldb_rcURUR
cvss3_vuldb_ePP
cvss3_vuldb_rlXX
cvss3_vuldb_rcRR
person_nicknameAmirAmir
cvss2_vuldb_auSS
cvss3_vuldb_prLL
cwe080 (cross site scripting)

Interested in the pricing of exploits?

See the underground prices here!