FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6d78202e-e2f9-11da-8674-00123ffe8333	phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities Secunia reports: phpLDAPadmin have some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "Container DN", "Machine Name", and "UID Number" parameters in "template_engine.php" isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed. Discovery 2006-04-21 Entry 2006-05-14 phpldapadmin098 < 0.9.8.3 CVE-2006-2016 http://pridels.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html http://www.frsirt.com/english/advisories/2006/1450 http://secunia.com/advisories/19747/

VuXML ID

Description

6d78202e-e2f9-11da-8674-00123ffe8333

phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities

Secunia reports:

phpLDAPadmin have some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

1) Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed to the "Container DN", "Machine Name", and "UID Number" parameters in "template_engine.php" isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed.

Discovery 2006-04-21
Entry 2006-05-14
phpldapadmin098

< 0.9.8.3

CVE-2006-2016
http://pridels.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html
http://www.frsirt.com/english/advisories/2006/1450
http://secunia.com/advisories/19747/