Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-11107 — Cross-site Scripting in Phpldapadmin

CWE-79 — Cross-site Scripting9 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 68.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpldapadmin Project Phpldapadmin Debian Phpldapadmin Debian Linux

Timeline

PublishedJul 8

Latest updateMay 13

Description

phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶debiandebian/phpldapadmin< phpldapadmin 1.2.2-6.2 (bookworm)

▶Debianphpldapadmin_project/phpldapadmin< 1.2.2-6.2+2

▶NVDphpldapadmin_project/phpldapadmin1.2.3

Also affects: Debian Linux 8.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-563x-7v47-fh3j: phpLDAPadmin through 1↗2022-05-13

▶

OSV

CVE-2017-11107: phpLDAPadmin through 1↗2017-07-08

▶

💥Exploits & PoCs

Nuclei

phpLDAPadmin <= 1.2.3 - Reflected XSS

▶

📋Vendor Advisories

Ubuntu

phpLDAPadmin vulnerability↗2020-11-05

▶

Debian

CVE-2017-11107: phpldapadmin - phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, ele...↗2017

▶

💬Community

Bugzilla

CVE-2017-11107 phpldapadmin: XSS in htdocs/entry_chooser.php via form, element, rdn, or container parameter↗2017-07-14

▶

Bugzilla

CVE-2017-11107 phpldapadmin: XSS in htdocs/entry_chooser.php via form, element, rdn, or container parameter [fedora-all]↗2017-07-14

▶

Bugzilla

CVE-2017-11107 phpldapadmin: XSS in htdocs/entry_chooser.php via form, element, rdn, or container parameter [epel-all]↗2017-07-14

▶