Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2011-4074
Last Modified 26 Jan 2012 11:03:26
Published 02 Nov 2011 01:55:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4074

Summary

Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.

Vulnerable Systems

Application

  • Deon George Phpldapadmin 1.2.0

  • Deon George Phpldapadmin 1.2.0.1

  • Deon George Phpldapadmin 1.2.0.2

  • Deon George Phpldapadmin 1.2.0.3

  • Deon George Phpldapadmin 1.2.0.4

  • Deon George Phpldapadmin 1.2.0.5

  • Deon George Phpldapadmin 1.2.1

  • Deon George Phpldapadmin 1.2.1.1


References

CONFIRM - http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=blobdiff;f=htdocs/cmd.php;h=0ddf0044355abc94160be73122eb34f3e48ab2d9;hp=34f3848fe4a6d4c00c7c568afa81f59579f5d724;hb=64668e882b8866fae0fa1b25375d1a2f3b4672e2;hpb=caeba72171ade4f588fef1818aa4f6243a68b85e

MLIST - [oss-security] 20111025 Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws

MLIST - [oss-security] 20111024 CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws

SECUNIA - 46551

CONFIRM - http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

BID - 50331

DEBIAN - DSA-2333

SECUNIA - 46672

OSVDB - 76593


Last Updated: 27 May 2016 10:57:23