CVE-2024-10385
CVE-2024-10385
Título es
CVE-2024-10385
Vie, 20/12/2024 – 16:15
Tipo
CWE-79
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-10385
Descripción en
Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code.
If an admin views the ticket, the script might perform actions with their privileges, including command execution.
This issue has been fixed in version 1.668 of DirectAdmin Evolution Skin.
If an admin views the ticket, the script might perform actions with their privileges, including command execution.
This issue has been fixed in version 1.668 of DirectAdmin Evolution Skin.
20/12/2024
20/12/2024
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Gravedad 4.0
8.60
Gravedad 4.0 txt
HIGH
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis
Referencias
Enviar en el boletín
Off
