CVE-2007-1508
DirectAdmin - Cross-Site Scripting via CMD_USER_STATS RESULT Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-1508. PoCs published by Mandr4ke.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in DirectAdmin by injecting a malicious script via the CMD_USER_STATS parameter. The vulnerability arises from insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in DirectAdmin by injecting a malicious script via the CMD_USER_STATS parameter. The vulnerability arises from insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.