PT-2012-5038 · Jbmc · Directadmin

Dawid Golak · Published 2012-07-03 · Updated 2025-12-05 · CVE-2012-3842

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

JBMC Software DirectAdmin version 1.403

Description

The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the CMD DOMAIN component. These vulnerabilities allow remote authenticated users with specific privileges to inject arbitrary web script or HTML. The injection can occur via the select0 or select8 parameters.

Recommendations

For version 1.403, consider restricting access to the CMD DOMAIN component until a patch is available. As a temporary workaround, avoid using the select0 and select8 parameters in the affected API endpoint.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2012-3842

Affected Products

Directadmin