CVE-2006-5983 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Directadmin	Directadmin

Configuration 1 [-]

cpe:2.3:a:directadmin:directadmin:1.28.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://aria-security.net/advisory/directadmin.txt
http://securityreason.com/securityalert/1885
http://www.securityfocus.com/archive/1/451376/100/0/threaded
http://www.securityfocus.com/bid/21049
https://exchange.xforce.ibmcloud.com/vulnerabilities/30256

History

Tue, 16 Dec 2025 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Directadmin Directadmin directadmin
Weaknesses	NVD-CWE-Other	CWE-79
CPEs	cpe:2.3:a:jbmc_software:directadmin:1.28.1:::::::*	cpe:2.3:a:directadmin:directadmin:1.28.1:::::::*
Vendors & Products	Jbmc Software Jbmc Software directadmin	Directadmin Directadmin directadmin

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-11-20T21:00:00

Updated: 2024-08-07T20:12:31.171Z

Reserved: 2006-11-20T00:00:00

Link: CVE-2006-5983

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2006-11-20T21:07:00.000

Modified: 2025-12-16T20:46:23.827

Link: CVE-2006-5983

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-12T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21049", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21049"}, {"name": "directadmin-user-xss(30256)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30256"}, {"tags": ["x_refsource_MISC"], "url": "http://aria-security.net/advisory/directadmin.txt"}, {"name": "20061112 DirectAdmin Multiple Cross Site Scription", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/451376/100/0/threaded"}, {"name": "1885", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1885"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5983", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21049", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21049"}, {"name": "directadmin-user-xss(30256)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30256"}, {"name": "http://aria-security.net/advisory/directadmin.txt", "refsource": "MISC", "url": "http://aria-security.net/advisory/directadmin.txt"}, {"name": "20061112 DirectAdmin Multiple Cross Site Scription", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451376/100/0/threaded"}, {"name": "1885", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1885"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:12:31.171Z"}, "title": "CVE Program Container", "references": [{"name": "21049", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21049"}, {"name": "directadmin-user-xss(30256)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30256"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aria-security.net/advisory/directadmin.txt"}, {"name": "20061112 DirectAdmin Multiple Cross Site Scription", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/451376/100/0/threaded"}, {"name": "1885", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1885"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5983", "datePublished": "2006-11-20T21:00:00", "dateReserved": "2006-11-20T00:00:00", "dateUpdated": "2024-08-07T20:12:31.171Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:directadmin:directadmin:1.28.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA5B2515-82BF-4F96-96E9-09EFB3D76CF2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en JBMC Software DirectAdmin 1.28.1 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) usuario (user) de (a) CMD_SHOW_RESELLER o (b) CMD_SHOW_USER en el nivel de administrador (Admin level); el par\u00e1metro (2) TYPE de (c) CMD_TICKET_CREATE o (d) CMD_TICKET, el par\u00e1metro (3) usuario (user) de (e) CMD_EMAIL_FORWARDER_MODIFY, (g) CMD_EMAIL_VACATION_MODIFY, o (g) CMD_FTP_SHOW, y el par\u00e1metro (4) nombre (name) de (h) CMD_EMAIL_LIST en el nivel de usuario (User level); o el par\u00e1metro (5) usuario (user) de (i) CMD_SHOW_USER en el nivel de revendedor (Reseller level)."}], "id": "CVE-2006-5983", "lastModified": "2025-12-16T20:46:23.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-11-20T21:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory", "Broken Link"], "url": "http://aria-security.net/advisory/directadmin.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://securityreason.com/securityalert/1885"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/archive/1/451376/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Broken Link"], "url": "http://www.securityfocus.com/bid/21049"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30256"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory", "Broken Link"], "url": "http://aria-security.net/advisory/directadmin.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://securityreason.com/securityalert/1885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.securityfocus.com/archive/1/451376/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Broken Link"], "url": "http://www.securityfocus.com/bid/21049"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30256"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}