CVE-2007-1926

NONE EPSS 72.1%
Published Apr 10, 2007 · Modified Jun 16, 2026

Description

Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293: the control panel does not properly display log files, so attacker-controlled text that lands in a log is rendered as HTML when the log is viewed. This allows:

  • remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log;
  • (3) context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger;
  • (4) local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line;
  • remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files.
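A minimal illustration of the flaw and its fix, added here as example code and not part of DirectAdmin or of this record: the same log lines are rendered into HTML twice, once concatenated raw (the pattern the description calls "does not properly display log files") and once HTML-escaped, and a helper flags lines that already carry markup so an operator can spot injection attempts in existing logs. The log lines, their format and every function name are constructed for the example.

```python
"""Added example (not DirectAdmin code): render untrusted log lines safely
and flag lines carrying HTML markup, the condition behind CVE-2007-1926."""
import html
import re

# Constructed sample lines; the layout is illustrative, not the real
# security.log / exim mainlog format.
SAMPLE_LOG = [
    "2007-04-10 12:00:01 login failed for user=admin from 192.0.2.10",
    "2007-04-10 12:00:02 GET /<script>alert(1)</script> from 192.0.2.11",
    "2007-04-10 12:00:03 logger: <img src=x onerror=alert(1)> via /usr/bin/logger",
    "2007-04-10 12:00:04 rejected RCPT <bob@example.invalid>: relay not permitted",
]

# An HTML tag: '<', optional '/', a tag name, then either '>' or
# whitespace-separated attributes. '<bob@example.invalid>' does not match,
# so angle-bracketed mail addresses in exim logs are not flagged.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z][a-zA-Z0-9]*(\s[^>]*)?/?>")


def render_log_unsafe(lines):
    """The vulnerable pattern: log text concatenated straight into HTML."""
    return "<pre>" + "\n".join(lines) + "</pre>"


def render_log_safe(lines):
    """Hardened form: every line is escaped, so <, >, &, ' and " become
    entities and the browser shows the log as text, never as markup."""
    return "<pre>" + "\n".join(html.escape(line, quote=True) for line in lines) + "</pre>"


def find_markup(lines):
    """Return (line number, first tag) for each line containing an HTML tag.
    Useful for triage of logs that may already hold injected content."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = MARKUP_RE.search(line)
        if m:
            hits.append((n, m.group(0)))
    return hits


def contains_raw_tag(rendered):
    """True when the rendered page body still holds an unescaped tag
    (the wrapping <pre> element itself is excluded)."""
    body = rendered[len("<pre>"):-len("</pre>")]
    return MARKUP_RE.search(body) is not None


if __name__ == "__main__":
    print("suspicious lines:", find_markup(SAMPLE_LOG))
    print("unsafe render still contains markup:", contains_raw_tag(render_log_unsafe(SAMPLE_LOG)))
    print("safe render still contains markup:", contains_raw_tag(render_log_safe(SAMPLE_LOG)))
```

Escaping at render time is the actual fix; nothing upstream (exim, proftpd, httpd, logger) can be expected to sanitize what it logs, since writing arbitrary bytes into a log is normal behaviour for those services. The `find_markup` scan is only a triage aid for logs already on disk, and its pattern deliberately skips angle-bracketed mail addresses so exim's mainlog does not drown the result in false positives.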

Threat Intelligence

EPSS Exploit Probability
72.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor      | Product     | Version | Range
directadmin | directadmin | *       | <1.29.3

References 7

Remediation

  • secunia.com http://secunia.com/advisories/24728
    Exploit, Patch, Vendor Advisory
  • directadmin.com http://www.directadmin.com/versions.php
    Patch