PT-2024-16236 · Directadmin · Directadmin Evolution Skin
Dariusz Goåda
Published 2024-12-20 · Updated 2024-12-20
CVE-2024-10385
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
DirectAdmin Evolution Skin versions prior to 1.668
Description
The ticket management system in DirectAdmin Evolution Skin is vulnerable to stored Cross-site Scripting (XSS): a low-privileged user can inject malicious JavaScript into a ticket, where it is stored. When an administrator views that ticket, the script may run with the administrator's privileges and perform actions on their behalf, including command execution.
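The root cause of a stored XSS like the one described above is ticket text being inserted into the administrator's page as HTML rather than as text. The following is an added illustration and is not DirectAdmin's code: a hypothetical ticket renderer in its vulnerable form next to its hardened form, an escaping helper, and a guard that checks a rendered fragment contains only the tags the template itself emits. The ticket object, its field names and the sample content are constructed for the example.

```javascript
// Added example (not DirectAdmin's code): rendering untrusted ticket text safely.
// Stored XSS arises when user-supplied ticket fields are interpolated into HTML.
// The fix is to treat them as text: escape the HTML metacharacters before they
// reach markup (or, in the browser, assign them through element.textContent).

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape every character that could open or close a tag or an attribute value.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern (hypothetical): raw interpolation of ticket fields into HTML.
function renderTicketUnsafe(ticket) {
  return `<div class="ticket"><h3>${ticket.subject}</h3><p>${ticket.body}</p></div>`;
}

// Hardened pattern: every untrusted field passes through escapeHtml first.
function renderTicketSafe(ticket) {
  return `<div class="ticket"><h3>${escapeHtml(ticket.subject)}</h3>` +
         `<p>${escapeHtml(ticket.body)}</p></div>`;
}

// Guard usable in a unit test or before handing a fragment to the DOM:
// the rendered HTML may contain no tag other than the fixed ones the template emits.
function containsOnlyExpectedTags(html, allowed = ["div", "h3", "p"]) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)]
    .map((m) => m[1].toLowerCase());
  return tags.every((t) => allowed.includes(t));
}

// Constructed sample ticket (not from the advisory), as a low-privileged user might submit it.
const sampleTicket = {
  subject: "Disk quota <b>question</b>",
  body: "Please check my account. <script>alert(1)</script>",
};

// Stand-alone run: the unsafe renderer lets the user's tags through, the safe one does not.
console.log("unsafe passes guard:", containsOnlyExpectedTags(renderTicketUnsafe(sampleTicket)));
console.log("safe passes guard:  ", containsOnlyExpectedTags(renderTicketSafe(sampleTicket)));
```

Escaping on output is the durable fix because it does not depend on guessing which input patterns are dangerous; the tag guard is a second, cheap check that catches a template which forgot to escape a field. A Content Security Policy that disallows inline script would additionally limit what a stored payload could do if escaping were ever missed.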
Recommendations
For versions prior to 1.668, upgrade to version 1.668 to fix the issue. As a temporary workaround, consider restricting access to the ticket management system to minimize the risk of exploitation. Avoid using the ticket management system until the issue is resolved by upgrading to the fixed version.
Fix
XSS
Affected Products
Directadmin Evolution Skin