Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: LDAP Account Manager XSS in login.php
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 21 Oct 2013 23:45:49 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/21/2013 03:16 PM, Salvatore Bonaccorso wrote:
Hi Kurt,

Eric Sesterhenn discovered a XSS vulnerability in login.php of LDAP
Account Manager and reported this to the Debian BTS[1]. It requires
to send malicious data via POST.

[1] http://bugs.debian.org/726976

Upstream Bugreport:

[2] http://sourceforge.net/p/lam/bugs/156/

Upstream also has already commited fixes to the VCS:

[3] http://sourceforge.net/p/lam/code/5074/ [4]
http://sourceforge.net/p/lam/code/5075/

Could you please assign a CVE for this issue?

Regards, Salvatore


Thanks, please use CVE-2013-4453 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJSZhENAAoJEBYNRVNeJnmTbEMP/imXMXt9yFjHSh42fMNDjx2g
1lrVFPC6VoZiJ63qhTy/DYf3vO2sgXOXQn5r5NypnBN+Oyq40dtX56wbV+hULioa
7W7JlXpcJLrjXxQi/dGF46XR3KZL0kpW2lUgJ+jfLKOqa5Do0LfzHtcRRnxI/CIs
p4hzBqRhJ1laAGkCAYwoitloAnmRFHyoGnRomgkWS4xSHI7DT5k3m8X28R9rBxJ1
CCpfhtVqVhrjpY/IzJ8rzwob9voTOgDPZVsVfI5sB0qOkwKWxgGzBs/jHrG1nBQD
ucONhql0zNF6n3Z720RcI60jNqcdNBsxyF54CBj5ZHIjicB36AXJxg9r1eSxrg2w
pqdI3AhI5TN9f/y0USkOsJnUK4wkYhqugHRyIEapVd0/D5g8r2wUjkxNSvQueLtt
6VAousV8sPP0UngytOrppgKuSyWjIsvQmo9bOFRScbAQ6IF8c6VMBF+YXkw1d+Vg
/K9hkqBloStlWHIiwm/gb8dWRq3OLYna3vQobjKDAqfPgiw9BEFZvfbUgB/fcTY0
QZhVv7C8TaGodz3zkFEMHhAZRK5klMrXTM9i/kK0DgC+Gtgbj+K3ihwsDvS5F0F6
Zxevrxk+1jgy9KIGK89wQG6tinwD4JHJ5JR6LGSYELbqKoE8Ww3upkjSvCC7nysu
tABNBx4fgPoMxJSpn5Yd
=R3A8
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault