phpldapadmin 1.2.5 vulnerable to stored cross site scripting
Bug #1906474 reported by Andy Gu
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
phpldapadmin (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Hi! I noticed that phpldapadmin versions up to v1.2.5 have a stored cross-site scripting vulnerability when confirming to change a field. I have attached details in this GitHub issue:
https:/
The maintainer noted that 1.2.6 is not vulnerable, but I wanted to report upstream in case it is assigned here.
information type: Private Security → Public Security
Changed in phpldapadmin (Ubuntu):
status: New → Confirmed
I apologize for the public disclosure on GitHub -- I was following the disclosure policy described on that site. I also transferred the report here in haste.