CVE-2012-1115

Name of the Vulnerable Software and Affected Versions LDAP Account Manager (LAM) Pro version 3.6

Description A Cross-Site Scripting (XSS) issue exists in the export, add value form, and dn parameters to "cmd.php" API endpoint. This allows for potential malicious script execution.

Recommendations For LDAP Account Manager (LAM) Pro version 3.6, consider restricting access to the "cmd.php" API endpoint until a patch is available. As a temporary workaround, avoid using the export, add value form, and dn parameters in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.