Secunia Logo  


Secunia PSI WorldMap
 
CVE Reference: CVE-2007-1840
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-1840

Description:
lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA24687
  Secunia Advisory: SA25157

DEBIAN
  http://www.us.debian.org/security/2007/dsa-1287

CONFIRM
  http://lam.sourceforge.net/changelog/index.htm
  http://lam.cvs.sourceforge.net/lam/lam/lib/modules.inc?r1=1.173&r2=1.174

BID
  23190


Return to the previous page.