Date: Thu, 20 Jul 2017 05:49:13 +0200
From: Salvatore Bonaccorso <>
To: OSS Security Mailinglist <>
Cc: John Lightsey <>
Subject: phamm: CVE-2017-0378: reflected XSS in login page


John Lightsey found a reflected XSS vulnerability in the phamm login page.
phamm is a PHP front-end to manage virtual services on LDAP.

Quoting his report in Debian[0]:

> While looking through I noticed that phamm's
> views/helpers.php uses $_SERVER['PHP_SELF'] in a way that is
> vulnerable to reflected XSS attacks.
> To reproduce the problem, load a URL like this in Firefox:



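The `$_SERVER['PHP_SELF']` pattern named in the quoted report, shown beside two hardened forms. This is an added example, not part of the original message and not phamm's `views/helpers.php`; the function names, the `/app/index.php` path and the sample request value are constructed for illustration.

```php
<?php
// Added illustration only. Function names and paths are hypothetical.

// Unsafe pattern: PHP_SELF includes any extra path info the client appended
// after the script name, so echoing it raw puts client-controlled text in HTML.
function login_form_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened: encode for an HTML attribute context before output.
function login_form_escaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Alternative: SCRIPT_NAME carries no trailing path info; still encode it.
function login_form_script_name(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $action . '">';
}

// Constructed sample: the values PHP would populate for a request whose path
// carries markup characters after the script name (benign marker only).
$server = [
    'SCRIPT_NAME' => '/app/index.php',
    'PHP_SELF'    => '/app/index.php/"><i>marker</i>',
];

foreach (['login_form_unsafe', 'login_form_escaped', 'login_form_script_name'] as $fn) {
    $html = $fn($server);
    // The attribute has been broken out of if raw markup from the request survives.
    $broken = strpos($html, '<i>') !== false;
    printf("%-24s %-10s %s\n", $fn, $broken ? 'INJECTABLE' : 'ok', $html);
}
```

Only the first function lets the request-supplied markup reach the page unencoded; the same check works as a regression test for any template that builds a form action from the request path.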