CVE-2012-1114: Cross-site Scripting in Ldap-account-manager

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.8% (top 25.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 5; latest update Apr 23

Description

A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action, and in the filteruid parameter to list.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (4 packages)

debian: debian/ldap-account-manager < ldap-account-manager 3.6-2 (bookworm)
debian: debian/phpldapadmin < ldap-account-manager 3.6-2 (bookworm)

Also affects: Debian Linux 8.0, 9.0, Fedora 16, 17, 18

🔴 Vulnerability Details (2)

GHSA
GHSA-88f8-8wmr-26w2: A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3 (2022-04-23)
OSV
CVE-2012-1114: A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3 (2019-12-05)

💥 Exploits & PoCs (1)

Exploit-DB
Cisco Unity Express - Multiple Vulnerabilities (2013-02-05)

📋 Vendor Advisories (1)

Debian
CVE-2012-1114: ldap-account-manager - A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) ... (2012)

💬 Community (4)

Bugzilla
CVE-2012-1114 CVE-2012-1115 phpldapadmin: XSS flaws via 'export', 'add_value_form' and 'dn' variables [epel-6] (2012-03-05)
Bugzilla
CVE-2012-1114 CVE-2012-1115 phpldapadmin: XSS flaws via 'export', 'add_value_form' and 'dn' variables [fedora-all] (2012-03-05)
Bugzilla
CVE-2012-1114 CVE-2012-1115 phpldapadmin: XSS flaws via 'export', 'add_value_form' and 'dn' variables [epel-5] (2012-03-05)
Bugzilla
CVE-2012-1114 CVE-2012-1115 phpldapadmin: XSS flaws via 'export', 'add_value_form' and 'dn' variables (2012-03-05)