| Vulnerability Name: | CVE-2013-4453 (CCN-88203) |
| Assigned: | 2013-10-21 |
| Published: | 2013-10-21 |
| Updated: | 2017-08-29 |
| Summary: | Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter. |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N); 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C); 3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) |
| Vulnerability Type: | CWE-79 |
| Vulnerability Consequences: | Cross-Site Scripting |
| References: | Source: CCN Type: Debian Bug report logs - #726976 Web Site ldap-account-manager: CVE-2013-4453: Pre-Authentication Cross-Site-Scripting in current_language parameter; Source: CONFIRM Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726976; Source: MITRE Type: CNA CVE-2013-4453; Source: OSVDB Type: UNKNOWN 98828; Source: CCN Type: oss-sec Mailing List, Mon, 21 Oct 2013 23:16:47 +0200 CVE Request: LDAP Account Manager XSS in login.php; Source: MLIST Type: Patch [oss-security] 20131021 Re: CVE Request: LDAP Account Manager XSS in login.php; Source: CCN Type: SA55413 LDAP Account Manager "language" Cross-Site Scripting Vulnerability; Source: SECUNIA Type: Vendor Advisory 55413; Source: CONFIRM Type: Patch http://sourceforge.net/p/lam/bugs/156; Source: CCN Type: LDAP Account Manager Repository Web Site LDAP Account Manager Repository; Source: CCN Type: LDAP Account Manager Web Site LDAP Account Manager; Source: MISC Type: Patch http://www.rusty-ice.de/advisory/advisory_2013001.txt; Source: CCN Type: BID-63254 LDAP Account Manager 'current_language' Parameter Cross Site Scripting Vulnerability; Source: XF Type: UNKNOWN ldapaccountmanager-cve20134453-login-xss(88203); Source: CCN Type: WhiteSource Vulnerability Database CVE-2013-4453 |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |