CVE-2024-48933

Published: 09 Oct 2024
Source: debian

Description

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| lemonldap-ng | fixed | 2.20.0+ds-1 | | package |
| lemonldap-ng | fixed | 2.16.1+ds-deb12u3 | bookworm | package |

Notes

  • https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232

  • Fixed by: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/288a5061d42d7e6a5a2932a4d3914dca100f9c25 (v.20.0)

  • Fixed by: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/2bacbb4aa76a3f58f0156d453d1745d40d490ca8 (v2.20.0)

  • Fixed by: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/52f66862814c311b8d06fcd398db947c996aa78b (v2.20.0)

Related vulnerabilities

CVSS3: 6.1
ubuntu
more than 1 year ago

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters.

CVSS3: 6.1
nvd
more than 1 year ago

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters.

CVSS3: 6.1
github
more than 1 year ago

A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters.