Lucene search

PRIOn knowledge basePRION:CVE-2007-1840

HistoryApr 03, 2007 - 12:19 a.m.

Cross site scripting

2007-04-0300:19:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).

CPENameOperatorVersion
ldap_account_managereq<= 1.0-rc2

CPE	Name	Operator	Version
	ldap_account_manager	eq	<= 1.0-rc2

References

lam.cvs.sourceforge.net/lam/lam/lib/modules.inc?r1=1.173&r2=1.174

lam.sourceforge.net/changelog/index.htm

secunia.com/advisories/24687

secunia.com/advisories/25157

www.securityfocus.com/bid/23190

www.us.debian.org/security/2007/dsa-1287

www.vupen.com/english/advisories/2007/1149

exchange.xforce.ibmcloud.com/vulnerabilities/33307

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

Related for PRION:CVE-2007-1840