Cross site scripting

2011-11-0217:55:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.9%

JSON

Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.

CPENameOperatorVersion
phpldapadmineq1.2.0
phpldapadmineq1.2.0.1
phpldapadmineq1.2.0.2
phpldapadmineq1.2.0.3
phpldapadmineq1.2.0.4
phpldapadmineq1.2.0.5
phpldapadmineq1.2.1
phpldapadmineq1.2.1.1

Name	Operator	Version
phpldapadmin	eq	1.2.0
phpldapadmin	eq	1.2.0.1
phpldapadmin	eq	1.2.0.2
phpldapadmin	eq	1.2.0.3
phpldapadmin	eq	1.2.0.4
phpldapadmin	eq	1.2.0.5
phpldapadmin	eq	1.2.1
phpldapadmin	eq	1.2.1.1

References

openwall.com/lists/oss-security/2011/10/24/9

openwall.com/lists/oss-security/2011/10/25/2

osvdb.org/76593

phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=blobdiff%3Bf=htdocs/cmd.php%3Bh=0ddf0044355abc94160be73122eb34f3e48ab2d9%3Bhp=34f3848fe4a6d4c00c7c568afa81f59579f5d724%3Bhb=64668e882b8866fae0fa1b25375d1a2f3b4672e2%3Bhpb=caeba72171ade4f588fef1818aa4f6243a68b85e

phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

secunia.com/advisories/46551

secunia.com/advisories/46672

www.debian.org/security/2011/dsa-2333

www.securityfocus.com/bid/50331