Lucene search

RedhatCVE-2012-0834

HistoryFeb 11, 2012 - 2:55 a.m.

CVE-2012-0834

2012-02-1102:55:01

CWE-79

redhat

web.nvd.nist.gov

cve-2012-0834

cross-site scripting

xss

phpldapadmin

security vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.005

Percentile

75.5%

JSON

Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.

Affected configurations

Nvd

Node

phpldapadmin_projectphpldapadminRange≤1.2.2

VendorProductVersionCPE
phpldapadmin_projectphpldapadmin*cpe:2.3:a:phpldapadmin_project:phpldapadmin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpldapadmin_project	phpldapadmin	*	cpe:2.3:a:phpldapadmin_project:phpldapadmin::::::::

References

openwall.com/lists/oss-security/2012/02/02/9

openwall.com/lists/oss-security/2012/02/03/3

phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=commit%3Bh=7dc8d57d6952fe681cb9e8818df7f103220457bd

secunia.com/advisories/47852

www.mandriva.com/security/advisories?name=MDVSA-2012:020

sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.005

Percentile

75.5%

JSON

Related for CVE-2012-0834