CVE-2020-35132

An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.

References

Affected packages

Git / github.com/leenooks/phpLDAPadmin

Affected ranges

Type

GIT

Repo

https://github.com/leenooks/phpLDAPadmin

Events

Introduced

Fixed

a8fe6f32743d9db7a0de38fa21d71e61ae0b6a52

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.6.2"
        }
    ]
}

Type: GIT
Repo: https://github.com/leenooks/phpldapadmin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c87571f6b7be15d5cd8b26381b6eb31ad03d28e2

Affected versions

1.*

1.2.3

1.2.4

1.2.5

1.2.6

1.2.6.1

RELEASE-0.*

RELEASE-0.9.0

RELEASE-0.9.1

RELEASE-0.9.2

RELEASE-0.9.3

RELEASE-0.9.5

RELEASE-0.9.7

RELEASE-0.9.7.1

RELEASE-0.9.7.2

RELEASE-0.9.8

RELEASE-0.9.8.1

RELEASE-1.*

RELEASE-1.0.0

RELEASE-1.1.0

RELEASE-1.1.0.1

RELEASE-1.1.0.2

RELEASE-1.1.0.3

RELEASE-1.1.0.4

RELEASE-1.1.0.5

RELEASE-1.1.0.6

RELEASE-1.1.0.7

RELEASE-1.2.0

RELEASE-1.2.0-rc1

RELEASE-1.2.0.1

RELEASE-1.2.0.2

RELEASE-1.2.0.3

RELEASE-1.2.0.4

RELEASE-1.2.0.5

RELEASE-1.2.1

RELEASE-1.2.1.1

RELEASE-1.2.2

RELEASE-1.2.3

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-35132.json"