CVE-2024-10385
Severity CVSS v4.0:
HIGH
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
20/12/2024
Last modified:
15/04/2026
Description
Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code.<br />
If an admin views the ticket, the script might perform actions with their privileges, including command execution. <br />
This issue has been fixed in version 1.668 of DirectAdmin Evolution Skin.
Impact
Base Score 4.0
8.60
Severity 4.0
HIGH