CVE-2007-1840 — Cross-site Scripting in Ldap-account-manager

4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 30.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Ldap-account-manager Ldap Account Manager

Timeline

PublishedApr 3

Latest updateMay 1

Description

lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/ldap-account-manager< ldap-account-manager 1.1.1-2 (bookworm)

▶NVDldap_account_manager/ldap_account_manager1.0_rc2

Patches

Patch: lam.cvs.sourceforge.net ↗Patch: lam.cvs.sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-3855-5967-qfv2: lib/modules↗2022-05-01

▶

OSV

CVE-2007-1840: lib/modules↗2007-04-03

▶

📋Vendor Advisories

Debian

CVE-2007-1840: ldap-account-manager - lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML ...↗2007

▶