What is CVE-2022-24851?

CVE-2022-24851 is a high-severity vulnerability in Ldapaccountmanager Lam, classified under Cross-site Scripting. CVSS score: 8.1/10. Published 2022-04-15.

How severe is CVE-2022-24851?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2022-24851 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Ldapaccountmanager Lam

CVE-2022-24851

LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads t…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.008 (74.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N.

Affected products

Ldapaccountmanager Lam — versions < 7.9.1

Weakness classification (CWE)

Public proof-of-concept exploits

karimhabush/cyberowl

References

github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v (x_refsource_CONFIRM)
github.com/LDAPAccountManager/lam/issues/170 (x_refsource_MISC)
github.com/LDAPAccountManager/lam/commit/3c6f09a3579e048e224eb5a4c4e3eefaa8bccd… (x_refsource_MISC)
DSA-5177 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2022-24851?: CVE-2022-24851 is a high-severity vulnerability in Ldapaccountmanager Lam, classified under Cross-site Scripting. CVSS score: 8.1/10. Published 2022-04-15.
How severe is CVE-2022-24851?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2022-24851 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.