Lucene search

CVE-2018-8763

🗓️ 27 Mar 2018 16:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 57 Views🌐 WEB

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via dn or template parameters

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 17
Cvelist	CVE-2018-8763	27 Mar 201816:00	–	cvelist
OSV	ldap-account-manager - security update	3 Apr 201800:00	–	osv
OSV	ldap-account-manager - security update	9 Apr 201800:00	–	osv
OSV	CVE-2018-8763	27 Mar 201816:29	–	osv
Prion	Design/Logic Flaw	27 Mar 201816:29	–	prion
Tenable Nessus	Debian DLA-1342-1 : ldap-account-manager security update	10 Apr 201800:00	–	nessus
Tenable Nessus	Debian DSA-4165-1 : ldap-account-manager - security update	4 Apr 201800:00	–	nessus
Debian	[SECURITY] [DLA 1342-1] ldap-account-manager security update	9 Apr 201808:16	–	debian
Debian	[SECURITY] [DSA 4165-1] ldap-account-manager security update	4 Apr 201801:42	–	debian
Debian	[SECURITY] [DSA 4165-1] ldap-account-manager security update	4 Apr 201801:42	–	debian

Nvd

Node

debian debian_linuxMatch7.0

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

Node

ldap-account-manager ldap_account_managerRange<6.3

Source	Link
seclists	www.seclists.org/fulldisclosure/2018/Mar/45
debian	www.debian.org/security/2018/dsa-4165
packetstormsecurity	www.packetstormsecurity.com/files/146858/LDAP-Account-Manager-6.2-Cross-Site-Scripting.html
lists	www.lists.debian.org/debian-lts-announce/2018/04/msg00007.html

Parameter	Position	Path	Description	CWE
dn	query param	/lam/templates/3rdParty/pla/htdocs/cmd.php	Reflected XSS vulnerability via dn parameter in cmd.php.	CWE-79
template	query param	/lam/templates/3rdParty/pla/htdocs/cmd.php	Reflected XSS vulnerability via template parameter in cmd.php.	CWE-79
type	query param	/lam/templates/upload/masscreate.php	Reflected XSS vulnerability via type parameter in masscreate.php.	CWE-79
sec_token	query param	/lam/templates/misc/ajax.php	CSRF tokens in URLs increase risk of exposure.	CWE-346

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Mar 2018 16:29Current

6Medium risk

Vulners AI Score6

CVSS24.3

CVSS36.1

EPSS0.00447

CWE-79