CVE-2012-0834
Published 2012-02-11
CVE-2012-0834: Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or…
Priority P423 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 4.97% · 91.1th percentile
Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpldapadmin | < phpldapadmin 1.2.2-1 (bookworm) | phpldapadmin 1.2.2-1 (bookworm) |
| phpldapadmin_project | phpldapadmin | <= 1.2.2 | — |
| phpldapadmin_project | phpldapadmin | >= 0 < 1.2.2-1 | 1.2.2-1 |
| phpldapadmin_project | phpldapadmin | >= 0 < 1.2.2-1 | 1.2.2-1 |
| phpldapadmin_project | phpldapadmin | >= 0 < 1.2.2-1 | 1.2.2-1 |
CVSS provenance
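| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | LOW | — |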
GHSA
GHSA-h3h7-fqg9-32f3: Cross-site scripting (XSS) vulnerability in lib/QueryRender
ghsa_unreviewed·2022-05-13
CVE-2012-0834 [MEDIUM] CWE-79 GHSA-h3h7-fqg9-32f3: Cross-site scripting (XSS) vulnerability in lib/QueryRender
OSV
CVE-2012-0834: Cross-site scripting (XSS) vulnerability in lib/QueryRender
osv·2012-02-11·CVSS 4.3
CVE-2012-0834 [MEDIUM] CVE-2012-0834: Cross-site scripting (XSS) vulnerability in lib/QueryRender
Debian
CVE-2012-0834: phpldapadmin - Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin ...
vendor_debian·2012·CVSS 4.3
CVE-2012-0834 [MEDIUM] CVE-2012-0834: phpldapadmin - Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin ...
Scope: local
bookworm: resolved (fixed in 1.2.2-1)
forky: resolved (fixed in 1.2.2-1)
sid: resolved (fixed in 1.2.2-1)
trixie: resolved (fixed in 1.2.2-1)
No detection rules found.
http://openwall.com/lists/oss-security/2012/02/02/9
http://openwall.com/lists/oss-security/2012/02/03/3
http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=commit%3Bh=7dc8d57d6952fe681cb9e8818df7f103220457bd
http://secunia.com/advisories/47852
http://www.mandriva.com/security/advisories?name=MDVSA-2012:020
https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546