PhpLDAPadmin '_debug' Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running phpLDAPadmin and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Apply patch from below link, http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin a=commit h=64668e882b8866fae0fa1b25375d1a2f3b4672e2

Insight

The flaw is due to improper validation of user-supplied input appended to the URL in cmd.php (when 'cmd' is set to '_debug'), which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Affected

phpLDAPadmin versions 1.2.0 through 1.2.1.1

References

http://openwall.com/lists/oss-security/2011/10/24/9
http://secunia.com/advisories/46551
http://xforce.iss.net/xforce/xfdb/70918
https://bugzilla.redhat.com/show_bug.cgi?id=748538

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4074

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Solr Directory Traversal Vulnerability Jan-14
Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
Apache ActiveMQ Source Code Information Disclosure Vulnerability

phpLDAPadmin '_debug' Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities