CVE-2020-35132

MEDIUM

phpLDAPadmin < 1.2.6.2 - Stored Cross-Site Scripting via get_request in lib/function.php

Title source: llm

Description

An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.

References (6)

Core References
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474 (Issue Tracking, Third Party Advisory; x_refsource_misc)
https://github.com/leenooks/phpLDAPadmin/issues/130 (Exploit, Issue Tracking, Third Party Advisory; x_refsource_misc)
https://github.com/leenooks/phpLDAPadmin/compare/1.2.5...1.2.6.2 (Patch, Third Party Advisory; x_refsource_misc)

Scores

CVSS v3 5.4
EPSS 0.0132
EPSS Percentile 67.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (3)
fedoraproject/fedora 32
fedoraproject/fedora 33
phpldapadmin_project/phpldapadmin < 1.2.6.2
Published Dec 11, 2020
Tracked Since Feb 18, 2026