Phamm: Security Vulnerabilities
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-17
XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-07-20