CVE-2018-8763
MEDIUM6.1EPSS 0.45%ldap-account-manager - security update
Published: 3/27/2018Modified: 4/28/2026
Also known as:DEBIAN-CVE-2018-8763
Description
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.
Affected packages (3)
- Debian/ldap-account-managerfrom 0, < 6.3-1
- Debian/ldap-account-managerfrom 0, < 3.7-2+deb7u1
- Debian/ldap-account-managerfrom 0, < 4.7.1-1+deb8u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |