Back to search
CVE-2024-10385
Published: Dec 20, 2024
Modified: Dec 20, 2024
PUBLISHED
Description
Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. This issue has been fixed in version 1.668 of DirectAdmin Evolution Skin.
| Vendor | Product | Versions |
|---|---|---|
DirectAdmin | DirectAdmin Evolution Skin | affected 0 - < 1.668 |
Weaknesses (CWE)
References
https://cert.pl/en/posts/2024/12/CVE-2024-10385
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now