Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 03 Feb 2012 01:48:52 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Agostino Sarubbo <ago@...too.org>
Subject: Re: CVE request: phpldapadmin "base" Cross-Site Scripting
 Vulnerability

On 02/02/2012 04:15 AM, Agostino Sarubbo wrote:
> According to secunia advisory: 
> https://secunia.com/advisories/47852/
> 
> Input passed via the "base" parameter to cmd.php (when "cmd" is set
> to "query_engine") is not properly sanitised in lib/QueryRender.php
> before being returned to the user. This can be exploited to execute
> arbitrary HTML and script code in a user's browser session in
> context of an affected site.
> 
> The vulnerability is confirmed in version 1.2.2. Other versions may
> also be affected.
> 
> Original Advisory: 
> https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546
>
>  Commit code: 
> http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd
>
> 
Ah our missing friend htmlspecialchars. Please use CVE-2012-0834 for
this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.