Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE Request: LDAP Account Manager XSS in login.php
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 21 Oct 2013 23:16:47 +0200

Hi Kurt,

Eric Sesterhenn discovered a XSS vulnerability in login.php of
LDAP Account Manager and reported this to the Debian BTS[1]. It
requires to send malicious data via POST.

 [1] http://bugs.debian.org/726976

Upstream Bugreport:

 [2] http://sourceforge.net/p/lam/bugs/156/

Upstream also has already commited fixes to the VCS:

 [3] http://sourceforge.net/p/lam/code/5074/
 [4] http://sourceforge.net/p/lam/code/5075/

Could you please assign a CVE for this issue?

Regards,
Salvatore


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]