Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "4.4-1", "binary_name": "ldap-account-manager" }, { "binary_version": "4.4-1", "binary_name": "ldap-account-manager-lamdaemon" } ] }