CVE-2006-2016
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2006-2016
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2006-2016.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2006-2016
- Downstream
- Published
- 2006-04-25T12:50:00Z
- Modified
- 2025-08-09T19:01:28Z
- Summary
- [none]
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compareform.php, (b) copyform.php, (c) renameform.php, (d) templateengine.php, and (e) deleteform.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) templateengine.php.
- References
-
- http://pridels0.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html
- http://secunia.com/advisories/19747
- http://secunia.com/advisories/20124
- http://www.debian.org/security/2006/dsa-1057
- http://www.securityfocus.com/bid/17643
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25958
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25959
- http://www.osvdb.org/24788
- http://www.osvdb.org/24789
- http://www.osvdb.org/24790
- http://www.osvdb.org/24792
- http://www.osvdb.org/24793
- http://www.osvdb.org/24794
- http://www.vupen.com/english/advisories/2006/1450