OpenLD Unspecified Cross-Site Scripting Vulnerability

Bugtraq ID:	23896
Class:	Input Validation Error
CVE:	CVE-2007-2610
Remote:	Yes
Local:	No
Published:	May 09 2007 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	The vendor reported this vulnerability.
Vulnerable:	OpenLD OpenLD 1.1.9
Not Vulnerable:	OpenLD OpenLD 1.1-modified3

OpenLD Unspecified Cross-Site Scripting Vulnerability

OpenLD is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to 1.1-modified3 are vulnerable.

OpenLD Unspecified Cross-Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

OpenLD Unspecified Cross-Site Scripting Vulnerability

Solution:
The vendor has released fixes to address this issue; please see the references for details.


OpenLD OpenLD 1.1.9

• OpenLD OpenLD_1.1-modified3.tar.gz
  http://downloads.sourceforge.net/openld/OpenLD_1.1-modified3.tar.gz

OpenLD Unspecified Cross-Site Scripting Vulnerability

References:

• Changelog OpenLD 1.1-modified3 (OpenLD)
  
• OpenLD Web Site (OpenLD)