Re: CVE request: phpldapadmin "base" Cross-Site Scripting Vulnerability

[Kurt Seifried <kseifried () redhat com>]

On 02/02/2012 04:15 AM, Agostino Sarubbo wrote:
> According to secunia advisory: 
> https://secunia.com/advisories/47852/
>
> Input passed via the "base" parameter to cmd.php (when "cmd" is set
> to "query_engine") is not properly sanitised in lib/QueryRender.php
> before being returned to the user. This can be exploited to execute
> arbitrary HTML and script code in a user's browser session in
> context of an affected site.
>
> The vulnerability is confirmed in version 1.2.2. Other versions may
> also be affected.
>
> Original Advisory: 
> https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546
>
>  Commit code: 
> http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd
Ah our missing friend htmlspecialchars. Please use CVE-2012-0834 for
this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)