PT-2019-6735 · Lam · Ldap Account Manager (Lam) Pro

Jan Lieskovsky

Published

2019-12-05

Updated

2019-12-12

CVE-2012-1114

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions LDAP Account Manager (LAM) Pro version 3.6

Description A Cross-Site Scripting (XSS) issue exists in the filter parameter to "cmd.php" in an export and exporter id action, and the filteruid parameter to "list.php".

Recommendations For LDAP Account Manager (LAM) Pro version 3.6, consider disabling access to the "cmd.php" and "list.php" scripts until a patch is available, or restrict the use of the filter and filteruid parameters in these scripts to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2012-1114

Affected Products

Ldap Account Manager (Lam) Pro

PT-2019-6735 · Lam · Ldap Account Manager (Lam) Pro

CVE-2012-1114

Weakness Enumeration

Related Identifiers

Affected Products

References · 14