CVE-2024-57279 Information

Description

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager <= ce92321 specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input allowing an attacker to inject malicious JavaScript.

Reference

https://github.com/wheelybird/ldap-user-manager/issues/232 https://github.com/wheelybird/ldap-user-manager/issues/232