oss-sec mailing list archives

CVE request: phpldapadmin "base" Cross-Site Scripting Vulnerability
From: Agostino Sarubbo <ago () gentoo org>
Date: Thu, 02 Feb 2012 12:15:26 +0100

According to the Secunia advisory:

Input passed via the "base" parameter to cmd.php (when "cmd" is set to 
"query_engine") is not properly sanitised in lib/QueryRender.php before being 
returned to the user. This can be exploited to execute arbitrary HTML and 
script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 1.2.2. Other versions may also be 

Original Advisory:

Commit code:

Agostino Sarubbo                ago -at- gentoo.org
Gentoo/AMD64 Arch Security Liaison
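
An added example, not part of the original post and not phpLDAPadmin code: a log-triage check for the request pattern the advisory describes (cmd.php with "cmd" set to "query_engine" and a "base" value carrying HTML metacharacters). The log format, paths, addresses and values in SAMPLE_LOG are constructed, and treating `<`, `>` and `"` as unexpected in a base DN is an assumed heuristic.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed heuristic: these characters are not expected in a plain base DN.
MARKUP = re.compile(r'[<>"]')
# Request field of a common/combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_base(url):
    """Return the decoded 'base' value when the request targets cmd.php with
    cmd=query_engine and 'base' contains HTML metacharacters, else None."""
    parts = urlsplit(url)
    if not parts.path.endswith("/cmd.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if "query_engine" not in params.get("cmd", []):
        return None
    for value in params.get("base", []):
        # parse_qs decodes once; decode a second time to catch double encoding.
        for candidate in (value, unquote(value)):
            if MARKUP.search(candidate):
                return candidate
    return None

def scan(lines):
    """Return (line_number, decoded_base) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m:
            value = suspicious_base(m.group(1))
            if value is not None:
                hits.append((n, value))
    return hits

# Constructed sample input (documentation addresses, hypothetical install path).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Feb/2012:12:00:01 +0100] "GET /phpldapadmin/cmd.php?cmd=query_engine&base=dc%3Dexample%2Cdc%3Dcom HTTP/1.1" 200 5120',
    '192.0.2.11 - - [02/Feb/2012:12:00:07 +0100] "GET /phpldapadmin/cmd.php?cmd=query_engine&base=%22%3E%3Cb%3Emarker%3C%2Fb%3E HTTP/1.1" 200 5130',
    '192.0.2.11 - - [02/Feb/2012:12:00:09 +0100] "GET /phpldapadmin/cmd.php?cmd=query_engine&base=%253Cb%253Emarker HTTP/1.1" 200 5126',
    '192.0.2.12 - - [02/Feb/2012:12:00:15 +0100] "GET /phpldapadmin/cmd.php?cmd=login_form&base=%3Cb%3E HTTP/1.1" 200 4011',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: base={value!r}")
```

Parameters sent in a POST body do not appear in an access log, so this check only covers values carried in the query string.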
