Date: Thu, 02 Feb 2012 12:15:26 +0100
From: Agostino Sarubbo <>
Subject: CVE request: phpldapadmin "base" Cross-Site Scripting Vulnerability

According to the Secunia advisory:

Input passed via the "base" parameter to cmd.php (when "cmd" is set to 
"query_engine") is not properly sanitised in lib/QueryRender.php before being 
returned to the user. This can be exploited to execute arbitrary HTML and 
script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 1.2.2. Other versions may also be 

Original Advisory:

Commit code:;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd

Agostino Sarubbo		ago -at-
Gentoo/AMD64 Arch Security Liaison
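
A log check for the request pattern described in the message above (`cmd.php` with `cmd=query_engine` and a `base` parameter), added here as an example; it is not part of the original post or of phpldapadmin. It assumes the requests appear with their query string in a combined-format web server access log; the function names, the markup-character heuristic and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristic (assumption): a plain DN such as dc=example,dc=com has none of these.
MARKUP_RE = re.compile(r'[<>"\'`]')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_base(log_line):
    """Return the decoded "base" of a query_engine request if it has markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.endswith("/cmd.php"):
        return None
    params = parse_qs(target.query, keep_blank_values=True)  # decodes once
    if "query_engine" not in params.get("cmd", []):
        return None
    for raw in params.get("base", []):
        value = fully_decode(raw)
        if MARKUP_RE.search(value):
            return value
    return None


# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Feb/2012:12:20:01 +0100] "GET /phpldapadmin/cmd.php?cmd=query_engine&base=dc%3Dexample%2Cdc%3Dcom HTTP/1.1" 200 5120',
    '192.0.2.77 - - [02/Feb/2012:12:21:13 +0100] "GET /phpldapadmin/cmd.php?cmd=query_engine&base=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5188',
    '192.0.2.77 - - [02/Feb/2012:12:21:40 +0100] "GET /phpldapadmin/cmd.php?cmd=query_engine&base=%253Ci%253Ex HTTP/1.1" 200 5190',
    '192.0.2.10 - - [02/Feb/2012:12:22:05 +0100] "GET /phpldapadmin/cmd.php?cmd=example_other&base=%3Cb%3E HTTP/1.1" 200 900',
]


def scan(lines):
    """Return (line index, decoded base value) for every flagged line."""
    return [(i, hit) for i, line in enumerate(lines) if (hit := suspicious_base(line))]
```

A hit only shows that markup was sent in `base`; whether it was reflected depends on the installed version.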
