1. CVE-Search
  2. CVE-2007-3501
ID CVE-2007-3501
Summary Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508.
References
Vulnerable Configurations
  • cpe:2.3:a:directadmin:directadmin:0.95:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:0.95:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.06:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.06:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.07:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.07:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.08:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.08:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.09:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.09:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.12:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.13:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.14:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.15:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.16:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.17:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.18:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.19:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.21:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.22:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.23:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.24:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.24:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.25:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.25:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.26:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.26:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.27:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.27:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.28:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.28:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.29:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.29:*:*:*:*:*:*:*
  • cpe:2.3:a:directadmin:directadmin:1.30.1:*:*:*:*:*:*:*
    cpe:2.3:a:directadmin:directadmin:1.30.1:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 24688
misc http://pridels-team.blogspot.com/2007/06/directadmin-xss-vuln.html
osvdb 36339
secunia 25881
vupen ADV-2007-2389
xf directadmin-domain-xss(35177)
Last major update 29-07-2017 - 01:32
Published 30-06-2007 - 01:30
Last modified 29-07-2017 - 01:32
Back to Top