CVE-2006-5983
Directadmin - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level.
Exploits (8)
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsphp
https://www.exploit-db.com/exploits/29004
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsphp
https://www.exploit-db.com/exploits/29006
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsphp
https://www.exploit-db.com/exploits/28999
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsphp
https://www.exploit-db.com/exploits/29000
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsphp
https://www.exploit-db.com/exploits/29003
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsphp
https://www.exploit-db.com/exploits/29001
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsphp
https://www.exploit-db.com/exploits/29005
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsphp
https://www.exploit-db.com/exploits/29002
References (5)
Scores
EPSS
0.0047
EPSS Percentile
64.2%
Classification
CWE
CWE-79
Status
published
Affected Products (1)
directadmin/directadmin
Timeline
Published
Nov 20, 2006
Tracked Since
Feb 18, 2026