N/A

Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files.

N/A

N/A

JBMC Software DirectAdmin 多个跨站脚本攻击漏洞

JBMC Software DirectAdmin 存在跨站脚本攻击漏洞。如果它没有正确的显示登录文件的话，远程认证用户可以借助登录到/var/log/directadmin/security.log中的(1)http或(2)ftp请求，注入任意的web脚本或HTML；(3)见机行事的攻击者可以借助调用/usr/bin/logger的PHP脚本，注入任意的web脚本或HTML到/var/log/messages；(4)本地用户可以调用命令行中的/usr/bin/logger，注入任意的web脚本或HTML

N/A

N/A