Vulnerability Description
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 7.0 |
| Ldap-Account-Manager | Ldap Account Manager | < 6.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/146858/LDAP-Account-Manager-6.2-Cross-Site-ExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Mar/45ExploitMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/04/msg00007.htmlThird Party Advisory
- https://www.debian.org/security/2018/dsa-4165Third Party Advisory
- http://packetstormsecurity.com/files/146858/LDAP-Account-Manager-6.2-Cross-Site-ExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2018/Mar/45ExploitMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/04/msg00007.htmlThird Party Advisory
- https://www.debian.org/security/2018/dsa-4165Third Party Advisory
FAQ
What is CVE-2018-8763?
CVE-2018-8763 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/...
How severe is CVE-2018-8763?
CVE-2018-8763 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-8763?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Ldap-Account-Manager Ldap Account Manager.