Lucene search

MitreCVE-2007-1840

HistoryApr 03, 2007 - 12:19 a.m.

CVE-2007-1840

2007-04-0300:19:00

mitre

web.nvd.nist.gov

ldap account manager

lam

cve-2007-1840

xss

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.6%

JSON

lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).

Affected configurations

Nvd

Node

ldap_account_managerldap_account_managerRange≤1.0_rc2

VendorProductVersionCPE
ldap_account_managerldap_account_manager*cpe:2.3:a:ldap_account_manager:ldap_account_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ldap_account_manager	ldap_account_manager	*	cpe:2.3:a:ldap_account_manager:ldap_account_manager::::::::

References

lam.cvs.sourceforge.net/lam/lam/lib/modules.inc?r1=1.173&r2=1.174

lam.sourceforge.net/changelog/index.htm

secunia.com/advisories/24687

secunia.com/advisories/25157

www.securityfocus.com/bid/23190

www.us.debian.org/security/2007/dsa-1287

www.vupen.com/english/advisories/2007/1149

exchange.xforce.ibmcloud.com/vulnerabilities/33307

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

74.6%

JSON

Related for CVE-2007-1840