CVE-2018-8763

Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.

References

Affected packages

Git / github.com/ldapaccountmanager/lam

Affected ranges

Type

GIT

Repo

https://github.com/ldapaccountmanager/lam

Events

Introduced

Last affected

3e20940d3429d37cac37d8d9cfea649bcd82f0aa

Introduced

Last affected

cb97baae7b1aadffd1b54d0bbcb487a5ca769823

Introduced

Last affected

1fbcbea3c17e77d65d8ea0ff73c1e663387d25b5

Introduced

Fixed

fe1547e145b06e55048d8385e03ea41df24bf421

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "6.3"
        }
    ]
}

Affected versions

8.*

8.5

8.6

8.6.RC1

8.7

8.7.RC1

8.8

8.8.RC1

8.9

8.9.RC1

9.*

9.0

9.0.RC1

Other

lam_5_4

lam_5_4_RC1

lam_5_5

lam_5_5_RC1

lam_5_6

lam_5_6_RC1

lam_5_7

lam_5_7_RC1

lam_6_0

lam_6_0_RC1

lam_6_0_RC2

lam_6_1

lam_6_1_RC1

lam_6_2

lam_6_2_RC1

lam_6_3

lam_6_3_RC1

lam_6_4

lam_6_4_RC1

lam_6_5

lam_6_5_RC1

lam_6_6

lam_6_6_RC1

lam_6_7

lam_6_7_RC1

lam_6_8

lam_6_8_RC1

lam_6_9

lam_6_9_RC1

lam_7_0

lam_7_0_RC1

lam_7_1

lam_7_1_RC1

lam_7_2

lam_7_2_RC1

lam_7_3

lam_7_4

lam_7_4_RC1

lam_7_5

lam_7_5_RC1

lam_7_6

lam_7_6_RC1

lam_7_7

lam_7_7_RC1

lam_7_8

lam_7_8_RC1

lam_7_9_RC1

lam_8_0

lam_8_0_1

lam_8_0_RC1

lam_8_1

lam_8_1_RC1

lam_8_2

lam_8_2_RC1

lam_8_3

lam_8_3_RC1

lam_8_4

lam_8_4_RC1

lam_8_5_RC1

untagged-0f11e4b04e249cac51c5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8763.json"