CVE-2020-35132
Published 2020-12-11
Priority: P4 · 25 · medium · 5.4 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.32% (67.3th percentile)
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpldapadmin | < phpldapadmin 1.2.6.3-0.3 (bookworm) | phpldapadmin 1.2.6.3-0.3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| phpldapadmin_project | phpldapadmin | < 1.2.6.2 | 1.2.6.2 |
| phpldapadmin_project | phpldapadmin | >= 0 < 1.2.6.3-0.3 | 1.2.6.3-0.3 |
| phpldapadmin_project | phpldapadmin | >= 0 < 1.2.6.3-0.3 | 1.2.6.3-0.3 |
| phpldapadmin_project | phpldapadmin | >= 0 < 1.2.6.3-0.3 | 1.2.6.3-0.3 |
CVSS provenance
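| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | | 5.4 | MEDIUM | |
| vendor_debian | | 5.4 | MEDIUM | |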
GHSA
GHSA-44vj-36hg-g8rr
ghsa_unreviewed · 2022-05-24
CVE-2020-35132 [MEDIUM] CWE-79
OSV
CVE-2020-35132 [MEDIUM]
osv · 2020-12-11 · CVSS 5.4
Debian
CVE-2020-35132 [MEDIUM]: phpldapadmin
vendor_debian · 2020 · CVSS 5.4
Scope: local
bookworm: resolved (fixed in 1.2.6.3-0.3)
forky: resolved (fixed in 1.2.6.3-0.3)
sid: resolved (fixed in 1.2.6.3-0.3)
trixie: resolved (fixed in 1.2.6.3-0.3)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474
https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2
https://github.com/leenooks/phpLDAPadmin/compare/1.2.5...1.2.6.2
https://github.com/leenooks/phpLDAPadmin/issues/130
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XA42XDSUPCOXL5ZCP5RGD3FD4JQQWNX/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6PZH3EY2T66N2MGOA7DWCAIVYIJH4BC/
Published: 2020-12-11