CVE-2013-4453 — Cross-site Scripting in Ldap-account-manager

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 35.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Ldap-account-manager Ldap-account-manager Ldap Account Manager

Timeline

PublishedNov 5

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/ldap-account-manager< ldap-account-manager 4.4-1 (bookworm)

▶NVDldap-account-manager/ldap_account_manager4.2.1, 4.3+1

Patches

Patch: seclists.org ↗Patch: sourceforge.net ↗Patch: www.rusty-ice.de ↗

🔴Vulnerability Details

GHSA

GHSA-5g8x-p6v8-2gx5: Cross-site scripting (XSS) vulnerability in templates/login↗2022-05-17

▶

OSV

CVE-2013-4453: Cross-site scripting (XSS) vulnerability in templates/login↗2013-11-05

▶

📋Vendor Advisories

Debian

CVE-2013-4453: ldap-account-manager - Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account ...↗2013

▶