Unknown · LDAP Account Manager · CVE-2025-58174
**Name of the Vulnerable Software and Affected Versions**
LDAP Account Manager versions prior to 9.3
**Description**
LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. The application allows stored cross-site scripting in the Profile section via the profile name field. Untrusted input is rendered as HTML, so a supplied script executes. An authenticated user with permission to create or edit a profile can insert a script payload into the profile name, which is then executed when the profile data is viewed in a browser.
**Recommendations**
Update to version 9.3 or later.
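The flaw class described above, shown as an added example that is not LAM's own code or its 9.3 fix: a stored profile name written into markup unencoded, beside the same output with context-appropriate encoding and a write-time allowlist. The function names, the sample names and the allowlist pattern are all hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample: profile names as they might come back from storage.
// The second entry stands in for a name saved by an authenticated editor.
$storedProfileNames = ['default', '<script>alert(1)</script>', 'O\'Brien "ops"'];

// Vulnerable pattern: the stored name is concatenated into markup as-is,
// so the browser parses it as HTML when the profile list is viewed.
function renderProfileRowUnsafe(string $name): string
{
    return '<li title="' . $name . '">' . $name . '</li>';
}

// Hardened pattern: encode at output time for the HTML context.
// ENT_QUOTES covers both quote styles so the attribute value stays closed;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function renderProfileRowSafe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<li title="' . $encoded . '">' . $encoded . '</li>';
}

// Defence in depth at write time: accept only an allowlisted name shape.
// The character set and length limit are assumptions, not LAM's actual rule.
function isAcceptableProfileName(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_. -]{1,64}\z/', $name) === 1;
}

foreach ($storedProfileNames as $name) {
    printf("input:    %s\n", $name);
    printf("unsafe:   %s\n", renderProfileRowUnsafe($name));
    printf("safe:     %s\n", renderProfileRowSafe($name));
    printf("accepted: %s\n\n", isAcceptableProfileName($name) ? 'yes' : 'no');
}
```

Output encoding is the control that closes the hole; the allowlist only narrows what can be stored and does not replace encoding wherever the name is displayed.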