CVE-2019-25095

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-25095

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-25095.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-25095

Aliases

Published

2023-01-05T08:15:08Z

Modified

2025-07-01T09:02:26.814900Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 6f98076281e9452fdb1adcd1bcbb70a6f968ade9. It is recommended to upgrade the affected component. VDB-217434 is the identifier assigned to this vulnerability.

References

Affected packages

Git / github.com/kakwa/ldapcherry

Affected ranges

Type: GIT
Repo: https://github.com/kakwa/ldapcherry
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6f98076281e9452fdb1adcd1bcbb70a6f968ade9

Fixed

932e7a8b40c2e2160ca7484da2ad32757dd1d4c0

Affected versions

0.*

0.0.1

0.1.0

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.4.0

0.5.0

0.5.1

0.5.2