CVE-2024-25976

Name of the Vulnerable Software and Affected Versions Software (affected versions not specified)

Description The issue allows for reflected XSS execution when LDAP authentication is activated in the configuration. This can be achieved by creating a custom URL that, when opened by the victim, executes arbitrary JavaScript code in the victim's browser. The fault lies in the file login.php, where the content of $ SERVER['PHP SELF'] is reflected into the website's HTML, enabling exploitation without the need for a valid account.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.