CNNVD-202509-2338 Information
CNNVD ID
CNNVD-202509-2338
Related CVE
-
CNNVD Published: 2025-09-16
Description (Chinese)
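LDAP Account Manager (LAM) is an open-source web frontend from LDAP Account Manager for managing entries stored in an LDAP directory (e.g. users, groups, DHCP settings). Versions of LDAP Account Manager (LAM) before 9.3 contain a cross-site scripting vulnerability, which stems from the configuration file name field not properly sanitizing user input and may lead to stored cross-site scripting attacks.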
Description (English)
LDAP Account Manager (LAM) is an open-source web frontend for managing entries stored in LDAP directories (e.g. users, groups, DHCP settings). LDAP Account Manager (LAM) versions before 9.3 have a cross-site scripting vulnerability: the configuration file name field does not properly sanitize user input, which can result in a stored cross-site scripting attack.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
LDAP Account Manager
Published
2025-09-16
Last Modified
2026-02-24
References
https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6gqg-wm9x-5x3m
https://access.redhat.com/security/cve/cve-2025-58174
Patch
https://www.ldap-account-manager.org/lamcms/releases