CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 1CVE-2020-35132
https://notcve.org/view.php?id=CVE-2020-35132
11 Dec 2020 — An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. Se detectó un problema de tipo XSS en phpLDAPadmin versiones anteriores a 1.2.6.2, que permite a usuarios almacenar valores maliciosos que pueden ser ejecutados por otros usuarios en un momento posterior por medio de la función get_request en la biblioteca lib/function.php • https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2011-4082
https://notcve.org/view.php?id=CVE-2011-4082
26 Nov 2019 — A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request. Se encontró un fallo de inclusión de archivo local en la manera en que phpLDAPadmin versiones anteriores a 0.9.8 procesó determinados valores del encabezado HTTP "Accept-Language". Un atacante remoto podría usar este fallo para causar una denegación de servicio por medio ... • https://access.redhat.com/security/cve/cve-2011-4082 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2017-11107 – Ubuntu Security Notice USN-4620-1
https://notcve.org/view.php?id=CVE-2017-11107
08 Jul 2017 — phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter. phpLDAPadmin hasta versión 1.2.3 presenta una vulnerabilidad de tipo cross-site scripting XSS en el archivo htdocs/entry_chooser.php por medio de los parámetros form, element, rdn o container. It was discovered that phpLDAPadmin didn't properly sanitize before being echoed to the user. A remote attacker could inject arbitrary HTML/Javascript code in a user's context and cause a crash, resulting... • https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 10%CPEs: 1EXPL: 2CVE-2012-0834 – phpLDAPadmin 1.2.2 - 'base' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-0834
11 Feb 2012 — Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en lib/QueryRender.php en phpLDAPadmin v1.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro base en una acción query_engin sobre cmd.php • https://www.exploit-db.com/exploits/36654 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 25%CPEs: 3EXPL: 13CVE-2006-2016 – phpLDAPadmin 0.9.8 - 'copy_form.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-2016
25 Apr 2006 — Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php. • https://www.exploit-db.com/exploits/27718 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 11%CPEs: 2EXPL: 2CVE-2005-2792 – phpLDAPadmin 0.9.6/0.9.7 - 'welcome.php' Arbitrary File Inclusion
https://notcve.org/view.php?id=CVE-2005-2792
02 Sep 2005 — Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter. • https://www.exploit-db.com/exploits/26211 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 2CVE-2005-2793
https://notcve.org/view.php?id=CVE-2005-2793
02 Sep 2005 — PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter. • http://marc.info/?l=bugtraq&m=112542447219235&w=2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2654
https://notcve.org/view.php?id=CVE-2005-2654
30 Aug 2005 — phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=322423 •