FreeBSD : phpldapadmin -- XSS and Script Insertion vulnerabilities (6d78202e-e2f9-11da-8674-00123ffe8333)

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

phpLDAPadmin has some vulnerabilities, which can be exploited by
malicious users to conduct script insertion attacks and by malicious
people to conduct cross-site scripting attacks.

1) Some input isn't properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in the context of an affected site.

2) Input passed to the 'Container DN', 'Machine Name', and 'UID
Number' parameters in 'template_engine.php' isn't properly sanitised
before being used. This can be exploited to inject arbitrary HTML and
script code, which will be executed in a user's browser session in the
context of an affected site when the malicious user data is viewed.

See also :

http://pridels.blogspot.com/2006/04/phpldapadmin-multiple-vuln.html
http://www.frsirt.com/english/advisories/2006/1450
http://www.nessus.org/u?bffe0126

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21563 (freebsd_pkg_6d78202ee2f911da867400123ffe8333.nasl)

Bugtraq ID:

CVE ID: CVE-2006-2016
