Candidate: CVE-2018-8763
PublicDate: 2018-03-27 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8763
 https://github.com/LDAPAccountManager/lam/commit/f1d7aec5fc4aaf516e1d8a6f0eb3082050553302
 https://github.com/LDAPAccountManager/lam/commit/16fc7f7e8603c5cb7c129cfbf97fc572b9b8740c
 https://github.com/LDAPAccountManager/lam/commit/d4f0d6db966af4dd7d83c978125635f03895b81a
 https://www.ldap-account-manager.org/lamcms/node/354
Description:
 Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_ldap-account-manager:
upstream_ldap-account-manager: released (6.3-1)
precise/esm_ldap-account-manager: DNE
trusty_ldap-account-manager: ignored (reached end-of-life)
trusty/esm_ldap-account-manager: DNE (trusty was needs-triage)
xenial_ldap-account-manager: ignored (end of standard support, was needed)
artful_ldap-account-manager: ignored (reached end-of-life)
bionic_ldap-account-manager: needed
cosmic_ldap-account-manager: ignored (reached end-of-life)
disco_ldap-account-manager: not-affected (6.3-1)
eoan_ldap-account-manager: not-affected (6.3-1)
focal_ldap-account-manager: not-affected (6.3-1)
groovy_ldap-account-manager: not-affected (6.3-1)
hirsute_ldap-account-manager: not-affected (6.3-1)
impish_ldap-account-manager: not-affected (6.3-1)
jammy_ldap-account-manager: not-affected (6.3-1)
devel_ldap-account-manager: not-affected (6.3-1)