Описание
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| phpldapadmin | fixed | 1.2.6.3-0.3 | package |
Примечания
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474
https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2
https://github.com/leenooks/phpLDAPadmin/issues/130
Fix is incomplete: https://github.com/leenooks/phpLDAPadmin/issues/130#issuecomment-745152260
https://github.com/leenooks/phpLDAPadmin/issues/137
EPSS
Связанные уязвимости
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
EPSS