oss-sec mailing list archives
CVE Request: LDAP Account Manager XSS in login.php
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 21 Oct 2013 23:16:47 +0200
Hi Kurt, Eric Sesterhenn discovered a XSS vulnerability in login.php of LDAP Account Manager and reported this to the Debian BTS[1]. It requires to send malicious data via POST. [1] http://bugs.debian.org/726976 Upstream Bugreport: [2] http://sourceforge.net/p/lam/bugs/156/ Upstream also has already commited fixes to the VCS: [3] http://sourceforge.net/p/lam/code/5074/ [4] http://sourceforge.net/p/lam/code/5075/ Could you please assign a CVE for this issue? Regards, Salvatore
Current thread:
- CVE Request: LDAP Account Manager XSS in login.php Salvatore Bonaccorso (Oct 21)
- Re: CVE Request: LDAP Account Manager XSS in login.php Kurt Seifried (Oct 21)