LDAP Account Manager Pro Multiple Cross-Site Scripting Vulnerabilities
Description
Benjamin Kunz Mejri has reported multiple vulnerabilities in LDAP Account Manager Pro, which can be exploited by malicious people to conduct cross-site scripting attacks.
1) Input passed to e.g. the "filteruid" POST parameter when filtering result sets in lam/templates/lists/list.php (when "type" is set to a valid value) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Input passed to the "filter" POST parameter in lam/templates/3rdParty/pla/htdocs/cmd.php (when "cmd" is set to "export" and "exporter_id" is set to "LDIF") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) Input passed to the "attr" parameter in lam/templates/3rdParty/pla/htdocs/cmd.php (when "cmd" is set to "add_value_form" and "dn" is set to a valid value) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in version 3.6. Other versions may also be affected.
Vulnerable Products
Vulnerable Software: LDAP Account Manager Pro 3.x
Solution
Filter malicious characters and character sequences using a proxy.
