Phpldapadmin Project: >> Phpldapadmin >> 1.2.2 Security Vulnerabilities
An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.
CVSS Score
5.4
EPSS Score
0.005
Published
2020-12-11
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-06-22
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-07-08
Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.
CVSS Score
4.3
EPSS Score
0.103
Published
2012-02-11