Fluid Attacks Database

Description

lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	ldap-account-manager	>=0 <1.1.1-2	1.1.1-2
debian 13	ldap-account-manager	>=0 <1.1.1-2	1.1.1-2
debian 12	ldap-account-manager	>=0 <1.1.1-2	1.1.1-2

Aliases

1. CVE-2007-18402. NVD-2007-18403. OSV-DEBIAN-2007-18404. OSV-2007-18405. SECURITY-TRACKER-CVE-2007-1840

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.