CVE-2024-52947 Information
Nov 20, 2024
cve
Description
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin.
Reference
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3257