CVE-2018-8763

6.1MEDIUM

Key Information

Vendor: Debian
Status: Debian Linux
Vendor: CVE Published:; 27 March 2018

Summary

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.

References

https://www.debian.org/security/2018/dsa-4165

vendor-advisoryx_refsource_DEBIAN

https://lists.debian.org/debian-lts-announce/2018/04/msg0...

mailing-listx_refsource_MLIST

http://packetstormsecurity.com/files/146858/LDAP-Account-...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 27, 2018
Vulnerability Reserved
Mar 18, 2018

Collectors

NVD DatabaseMitre Database