Bug#365314: CVE-2006-2016: multiple xss vulnerabilities in phpldapadmin

[Stefan Fritsch]

Package: egroupware-phpldapadmin
Severity: important
Tags: security

CVE-2006-2016:
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin
0.9.8 and earlier allow remote attackers to inject arbitrary web
script or HTML via the (1) dn parameter in (a) compare_form.php, (b)
copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e)
delete_form.php; (2) scope parameter in (f) search.php; and (3)
Container DN, (4) Machine Name, and (5) UID Number fields in (g)
template_engine.php.

See: 
http://pridels.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]