Ismail Belkacim

Rank: #20333 of 53,635
Total CVSS: 12.6
Vulnerabilities · 2
Medium: 2
PT-2017-11744
6.1
2017-07-08
Phpldapadmin · Phpldapadmin · CVE-2017-11107
**Name of the Vulnerable Software and Affected Versions**
phpLDAPadmin versions prior to 1.2.3

**Description**
The issue is related to XSS in the `htdocs/entry_chooser.php` file, which can be exploited via the `form`, `element`, `rdn`, or `container` parameter.

**Recommendations**
For versions prior to 1.2.3, update to a version that contains a fix for this issue to prevent exploitation.
PT-2015-4220
6.5
2015-01-02
Pmb · Pmb · CVE-2014-9457
**Name of the Vulnerable Software and Affected Versions**
PMB versions 4.1.3 and earlier

**Description**
The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in the catalog.php file, which is vulnerable to SQL injection.

**Recommendations**
For PMB versions 4.1.3 and earlier, consider restricting access to the catalog.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the catalog.php file to minimize the risk of exploitation.