Описание
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| lemonldap-ng | fixed | 2.21.0+ds-1 | package |
Примечания
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3341
Fixed by: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/a790b15e94f1435d9dfe1fe30750f35d54ed072a (v2.16.5)
Fixed by: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/d27dbb12bd69e2551e819da898943a11ffd15673 (v2.21.0)
Introduced in: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/9620e6870a0102365cb0e5bc5d1f1cd17235bb5d (v2.0.8)
EPSS
Связанные уязвимости
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.
Уязвимость компонента Choice Authentication Module системы аутентификации для веб-приложений LemonLDAP::NG, позволяющая нарушителю проводить межсайтовые сценарные атаки
EPSS