XSS in Phpldapadmin_project Phpldapadmin

CVE-2011-4074

Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.118 (93.9th percentile) — read the EPSS interpretation.

Affected products

Phpldapadmin_project Phpldapadmin — versions 1.2.0, 1.2.0.1, 1.2.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

50331 (vdb-entry, x_refsource_BID)
[oss-security] 20111025 Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws (mailing-list, x_refsource_MLIST, Exploit, Patch)
46672 (x_refsource_SECUNIA, third-party-advisory)
46551 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
[oss-security] 20111024 CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws (mailing-list, x_refsource_MLIST, Exploit, Patch)
76593 (x_refsource_OSVDB, vdb-entry)
secalert@redhat.com (x_refsource_CONFIRM)
DSA-2333 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM)