Vendor: LDAP Account Manager
By:
CVSS: 5.5 (MEDIUM)
CWE: 79 (Cross-Site Scripting)
Product Name: LDAP Account Manager
Affected Version From: 3.4.2000
Affected Version To: 3.4.2000
Patch Exists: NO
Related CWE:
CPE: a:ldap-account-manager_project:ldap_account_manager:3.4.0
Platforms Tested:
LDAP Account Manager Cross-Site Scripting Vulnerability
LDAP Account Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Mitigation:
Sanitize user-supplied data to prevent the execution of script code. Input validation and output encoding should be used to filter or encode user-supplied data before displaying it to users.