CVE-2024-10385

Vulnerability Description

Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. This issue has been fixed in version 1.668 of DirectAdmin Evolution Skin.

Related Weaknesses (CWE)

CWE-79

References

https://cert.pl/en/posts/2024/12/CVE-2024-10385
https://www.directadmin.com/evolution.php

FAQ

What is CVE-2024-10385?

CVE-2024-10385 is a documented vulnerability. Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views ...

How severe is CVE-2024-10385?

CVSS scoring is not yet available for CVE-2024-10385. Check NVD for updates.

Is there a patch for CVE-2024-10385?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.