Vulnerabilities > Ldap Account Manager > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-27 | CVE-2022-31085 | Insufficiently Protected Credentials vulnerability in multiple products: LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. | 6.1 |
2022-06-27 | CVE-2022-31086 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products: LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. | 6.0 |
2022-06-27 | CVE-2022-31088 | Injection vulnerability in multiple products: LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. | 5.0 |
2022-04-15 | CVE-2022-24851 | Cross-site Scripting vulnerability in multiple products: LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. | 4.8 |
2019-12-05 | CVE-2012-1115 | Cross-site Scripting vulnerability in multiple products: A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php. | 4.3 |
2019-12-05 | CVE-2012-1114 | Cross-site Scripting vulnerability in multiple products: A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. | 4.3 |
2018-03-27 | CVE-2018-8764 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. | 6.8 |
2018-03-27 | CVE-2018-8763 | Cross-site Scripting vulnerability in multiple products: Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI. | 4.3 |
2013-11-05 | CVE-2013-4453 | Cross-Site Scripting vulnerability in Ldap-Account-Manager Ldap Account Manager 4.2.1/4.3: Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter. | 4.3 |
2007-04-03 | CVE-2007-1840 | HTML Injection vulnerability in LDAP Account Manager: lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS). | 4.3 |