Test ID:	1.3.6.1.4.1.25623.1.0.802602
Category:	Web application abuses
Title:	phpLDAPadmin < 1.2.3 XSS Vulnerability - Active Check
Summary:	phpLDAPadmin is prone to a cross-site scripting (XSS); vulnerability.
Description:	Summary: phpLDAPadmin is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw is due to improper validation of user-supplied input to the 'base' parameter in 'cmd.php', which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Vulnerability Impact: Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Affected Software/OS: phpLDAPadmin version 1.2.2 and probably prior. Solution: Update to version 1.2.3 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0834 47852 http://secunia.com/advisories/47852 MDVSA-2012:020 http://www.mandriva.com/security/advisories?name=MDVSA-2012:020 [oss-security] 20120202 CVE request: phpldapadmin "base" Cross-Site Scripting Vulnerability http://openwall.com/lists/oss-security/2012/02/02/9 [oss-security] 20120203 Re: CVE request: phpldapadmin "base" Cross-Site Scripting Vulnerability http://openwall.com/lists/oss-security/2012/02/03/3 http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin%3Ba=commit%3Bh=7dc8d57d6952fe681cb9e8818df7f103220457bd https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.