CVE-2007-1926
Description
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files.
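The flaw described above is stored cross-site scripting through log injection: strings an attacker controls (request paths, FTP usernames, a line written with /usr/bin/logger) land in a log file, and a web control panel later renders that file as HTML without encoding it. The following Python sketch is an added illustration, not code from the page, from DirectAdmin or from any of the advisories listed: it shows the unsafe log-viewer pattern beside a hardened version that strips control characters and HTML-escapes each entry, plus a triage check that flags entries containing markup for review. Log lines and function names are constructed for the example.

```python
import html
import re
from typing import Iterable, List

# Constructed syslog-shaped sample entries; not real log data.
SAMPLE_LOG = [
    "Apr  2 10:15:01 host sshd[1234]: Accepted password for admin from 192.0.2.10",
    "Apr  2 10:16:44 host logger: <script>alert(1)</script>",
    "Apr  2 10:17:02 host proftpd[2201]: USER <b>bogus</b>: no such user",
]

# Tag-like token or entity anywhere in an entry: a cheap triage signal, not a parser.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>|&#?\w+;")
# Control characters (tab and newline excluded) that can break line structure or rendering.
CONTROL_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")


def render_unsafe(lines: Iterable[str]) -> str:
    """The vulnerable pattern: raw log text spliced straight into HTML."""
    return "<pre>" + "\n".join(lines) + "</pre>"


def render_safe(lines: Iterable[str]) -> str:
    """Hardened viewer: strip control characters, then HTML-escape every entry."""
    cleaned = (html.escape(CONTROL_RE.sub("", ln), quote=True) for ln in lines)
    return "<pre>" + "\n".join(cleaned) + "</pre>"


def flag_markup(lines: Iterable[str]) -> List[int]:
    """Indexes of entries that carry HTML-like markup, for analyst review."""
    return [i for i, ln in enumerate(lines) if MARKUP_RE.search(ln)]


def contains_raw_tag(rendered: str) -> bool:
    """True if the rendered body (inside the <pre> wrapper) still has a literal '<'."""
    body = rendered[len("<pre>"):-len("</pre>")]
    return "<" in body


if __name__ == "__main__":
    print(render_safe(SAMPLE_LOG))
    print("entries needing review:", flag_markup(SAMPLE_LOG))
```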
Affected products
- cpe:2.3:a:directadmin:directadmin:*:*:*:*:*:*:*:* (range: <1.29.3)
- (no CPE) (range: <1.293)
References
- www.directadmin.com/versions.php (nvd: Patch)
- secunia.com/advisories/24728 (nvd: Exploit, Patch, Vendor Advisory)
- securityreason.com/securityalert/2534 (nvd: Third Party Advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/33390 (nvd: Third Party Advisory)
- www.directadmin.com/features.php (nvd: Release Notes)
- www.securityfocus.com/archive/1/464471/100/100/threaded (nvd: Broken Link)
- www.securityfocus.com/bid/23254 (nvd: Broken Link)