CVE-2026-44671
ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allo...
ZITADEL injection vulnerability
ZITADEL is an open-source identity and access management platform developed by ZITADEL in Switzerland. Versions of ZITADEL from 2.71.11 up to 3.4.10, as well as version 4.15.0, had a vulnerability related to injection attacks. This vulnerability stemmed from improper escaping of user-provided...
GHSA-5835-4GVC-32PC Maddy Mail Server has an LDAP Filter Injection via Unsanitized Username
Summary: The auth.ldap module constructs LDAP search filters and DN strings by directly interpolating user-supplied usernames via strings.ReplaceAll without any LDAP filter escaping. An attacker who can reach the SMTP submission AUTH PLAIN or IMAP LOGIN interface can inject arbitrary LDAP filter...
CVE-2026-27860
If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out auth_username_chars, or install fixed version. No publicly available exploits are...
EUVD-2020-29288
Malware in sbrugna...
CVE-2023-3447
The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially...
WordPress plugin Active Directory Integration/LDAP Integration injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. An injection vulnerability exists in...
PT-2023-3437 · WordPress · Active Directory Integration / Ldap Integration
Name of the Vulnerable Software and Affected Versions: Active Directory Integration / LDAP Integration plugin for WordPress versions up to, and including, 4.1.5 Description: The issue is related to insufficient escaping on the supplied username value, which makes it possible for unauthenticated...
MediaWiki cross-site scripting vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.35.7, which stems from the fact...
CVE-2020-24390
eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/adminlogs page, which might allow pre-authentication stored XSS during login/logout logs recording...
Cross site scripting
An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attacks in com_actionlogs...
CVE-2020-8421
CVE-2020-8421 affects Joomla! core prior to 3.9.15, specifically the com_actionlogs component. The issue is described as inadequate escaping of usernames, which enables cross-site scripting (XSS) attacks. The vulnerability is present in Joomla! 3.x up to version 3.9.14, with a fix introduced in 3...
PT-2020-20126 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.15 Description: An issue was discovered that allows XSS attacks due to inadequate escaping of usernames in com_actionlogs. Recommendations: For versions prior to 3.9.15, update to version 3.9.15 or later to resol...