
Yichao Xu

#46851 of 53,635
5.4 Total CVSS
Vulnerabilities · 1
PT-2025-6005
5.4
2025-02-07
Unknown · Ldap User Manager · CVE-2024-57279
**Name of the Vulnerable Software and Affected Versions**

LDAP User Manager versions <= ce92321

**Description**

A reflected Cross-Site Scripting (XSS) issue has been identified, specifically in the "/setup/index.php" endpoint via the `returnto` parameter. This arises due to improper sanitization of user-supplied input, allowing an attacker to inject malicious JavaScript.

**Recommendations**

For LDAP User Manager versions <= ce92321, consider disabling access to the "/setup/index.php" endpoint until a patch is available, or restrict the use of the `returnto` parameter to minimize the risk of exploitation.