oss-sec mailing list archives
phamm: CVE-2017-0378: reflected XSS in login page
From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 20 Jul 2017 05:49:13 +0200
Hi John Lightsey found a reflected XSS vulnerability in phamm login page. phamm is a PHP front-end to manage virtual services on LDAP. Quoting his report in Debian[0]:
While looking through codesearch.debian.net I noticed that phamm's views/helpers.php uses $_SERVER['PHP_SELF'] in a way that is vulnerable to reflected XSS attacks. To reproduce the problem, load a URL like this in Firefox: http://127.0.0.1/phamm/main.php/%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E
Refrences: [0] https://bugs.debian.org/868988 [1] https://github.com/lota/phamm/issues/21 Regards, Salvatore
Current thread:
- phamm: CVE-2017-0378: reflected XSS in login page Salvatore Bonaccorso (Jul 19)