PT-2025-6005 · Unknown · Ldap User Manager

Yichao Xu · Published 2025-02-07 · Updated 2025-02-09 · CVE-2024-57279

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: LDAP User Manager versions <= ce92321

Description: A reflected Cross-Site Scripting (XSS) issue has been identified in the "/setup/index.php" endpoint via the "returnto" parameter. It arises from improper sanitization of user-supplied input, allowing an attacker to inject malicious JavaScript.

Recommendations: For LDAP User Manager versions <= ce92321, consider disabling access to the "/setup/index.php" endpoint until a patch is available, or restrict the use of the "returnto" parameter to minimize the risk of exploitation.

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-57279

Affected Products: Ldap User Manager