lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ldap_account_manager | Ldap_account_manager | * | 1.0_rc2 (including) |