oss-sec mailing list archives

CVE Request: LDAP Account Manager XSS in login.php


From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 21 Oct 2013 23:16:47 +0200

Hi Kurt,

Eric Sesterhenn discovered an XSS vulnerability in login.php of
LDAP Account Manager and reported this to the Debian BTS[1]. It
requires sending malicious data via POST.

 [1] http://bugs.debian.org/726976

Upstream bug report:

 [2] http://sourceforge.net/p/lam/bugs/156/

Upstream also has already committed fixes to the VCS:

 [3] http://sourceforge.net/p/lam/code/5074/
 [4] http://sourceforge.net/p/lam/code/5075/

Could you please assign a CVE for this issue?

Regards,
Salvatore

