EPSS
Percentile
50.6%
phpLDAPadmin is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via the form, element, rdn, or container parameter in htdocs/entry_chooser.php.
form
element
rdn
container
htdocs/entry_chooser.php
bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731
github.com/leenooks/phpLDAPadmin/issues/50
lists.debian.org/debian-lts-announce/2018/10/msg00023.html