oss-sec mailing list archives
Re: CVE Request: LDAP Account Manager XSS in login.php
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 21 Oct 2013 23:45:49 -0600

On 10/21/2013 03:16 PM, Salvatore Bonaccorso wrote:
> Hi Kurt,
>
> Eric Sesterhenn discovered an XSS vulnerability in login.php of LDAP Account Manager and reported this to the Debian BTS[1]. It requires to send malicious data via POST.
>
> [1] http://bugs.debian.org/726976
>
> Upstream Bugreport:
> [2] http://sourceforge.net/p/lam/bugs/156/
>
> Upstream also has already committed fixes to the VCS:
> [3] http://sourceforge.net/p/lam/code/5074/
> [4] http://sourceforge.net/p/lam/code/5075/
>
> Could you please assign a CVE for this issue?
>
> Regards,
> Salvatore

Thanks, please use CVE-2013-4453 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993