PT-2007-1034 · Lam · Ldap Account Manager

Published: 2007-04-03 · Updated: 2017-07-29 · CVE-2007-1840

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: LDAP Account Manager (LAM) versions prior to 1.3.0
Description: LAM fails to escape HTML special characters in data read from the LDAP directory before rendering it, which potentially allows remote attackers to conduct cross-site scripting (XSS) attacks against users who view that data. In addition, the ldap-account-manager package contains multiple vulnerabilities, exploitable by a local attacker, that can compromise the confidentiality, integrity, and availability of protected information.
Recommendations: For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the LDAP data to minimize the risk of exploitation.
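The XSS described above, shown as an added example that is not LAM's own code: a vulnerable rendering pattern next to its hardened form. The entry array is constructed sample data in the shape PHP's ldap_get_entries() returns; the function names are assumptions for illustration.

```php
<?php
// Added example (not LAM's code): rendering LDAP attribute values in HTML.
// Input shaped like ldap_get_entries(): attr => ['count' => n, 0 => v0, ...].
// Constructed sample entry; the 'cn' value carries markup stored in the directory.
$entry = [
    'cn'   => ['count' => 1, 0 => '<b>Mallory</b>'],
    'mail' => ['count' => 2, 0 => 'mallory@example.org', 1 => 'm@example.org'],
];

// Vulnerable pattern: directory values are interpolated into HTML verbatim,
// so any markup stored in the directory (a script element behaves the same
// way as the <b> above) is interpreted by the browser of whoever views it.
function renderEntryUnsafe(array $entry): string {
    $html = '';
    foreach ($entry as $attr => $values) {
        for ($i = 0; $i < $values['count']; $i++) {
            $html .= "<tr><td>$attr</td><td>{$values[$i]}</td></tr>\n";
        }
    }
    return "<table>\n$html</table>\n";
}

// Hardened pattern: every directory-sourced string, attribute names included,
// is escaped for the HTML text context. ENT_QUOTES also makes the output safe
// inside quoted attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 instead
// of returning an empty string, and the charset is stated explicitly.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderEntry(array $entry): string {
    $html = '';
    foreach ($entry as $attr => $values) {
        for ($i = 0; $i < $values['count']; $i++) {
            $html .= '<tr><td>' . h((string) $attr) . '</td><td>'
                   . h((string) $values[$i]) . "</td></tr>\n";
        }
    }
    return "<table>\n$html</table>\n";
}

// With the hardened renderer the cn cell contains the literal text
// &lt;b&gt;Mallory&lt;/b&gt;, so the browser displays the tags rather than applying them.
echo renderEntry($entry);
```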


Related Identifiers

BDU:2015-03034
CVE-2007-1840
DSA-1287-1

Affected Products

Ldap Account Manager