CVE-2006-2016
phpldapadmin - missing input sanitising
EPSS 22.0%
Description
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
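The pattern behind these findings is a form handler that copies request parameters (the DN, the search scope) straight into the generated HTML. The following is an added illustration written for this page, not phpLDAPadmin's own code: a hypothetical handler shown first in the vulnerable form and then hardened with output encoding (`htmlspecialchars` with `ENT_QUOTES`) plus an allow-list for the scope parameter, which takes only a small fixed set of values. The `render_vulnerable`, `render_hardened`, `html` and `validate_scope` function names and the sample input are assumptions made for the example.

```php
<?php
// Hypothetical form handler, NOT phpLDAPadmin's code: it reflects a
// user-supplied DN and search scope back into the page, which is the
// kind of unescaped reflection CVE-2006-2016 describes.

declare(strict_types=1);

// --- Vulnerable pattern: raw request values interpolated into HTML ---
function render_vulnerable(array $request): string
{
    $dn    = (string) ($request['dn']    ?? '');
    $scope = (string) ($request['scope'] ?? 'sub');
    // Both values land in the markup unescaped, so a value containing
    // a quote or angle bracket can break out of the attribute/element.
    return '<input type="hidden" name="dn" value="' . $dn . '">'
         . '<p>Scope: ' . $scope . '</p>';
}

// --- Hardened pattern: allow-list structured values, encode the rest ---
function html(string $s): string
{
    // ENT_QUOTES encodes both ' and " so the value is safe inside
    // single- or double-quoted attributes as well as in text nodes;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function validate_scope(string $scope): string
{
    // LDAP search scopes are a closed set; reject anything else
    // outright rather than trying to clean it.
    static $allowed = ['base', 'one', 'sub'];
    return in_array($scope, $allowed, true) ? $scope : 'sub';
}

function render_hardened(array $request): string
{
    $dn    = (string) ($request['dn'] ?? '');
    $scope = validate_scope((string) ($request['scope'] ?? 'sub'));
    // The DN is free-form, so it is encoded on output; the scope has
    // already been reduced to a known-good token but is encoded anyway.
    return '<input type="hidden" name="dn" value="' . html($dn) . '">'
         . '<p>Scope: ' . html($scope) . '</p>';
}

// Constructed sample input standing in for $_GET.
$sample = ['dn' => 'cn=x"><b>injected</b>', 'scope' => 'sub<i>'];
echo render_vulnerable($sample), PHP_EOL; // markup is broken open
echo render_hardened($sample), PHP_EOL;   // quotes/brackets are entities
```

Run with `php example.php`: the first line shows the DN value closing the `value` attribute and the scope value adding a tag, while the second line keeps both strictly as text. Encoding at the point of output, rather than trying to strip "bad" characters on input, is what closes every one of the reflection points the description lists, whether the value arrives as a URL parameter or a template field.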
How to fix CVE-2006-2016
To remediate CVE-2006-2016, upgrade the affected package to one of the fixed versions listed below.
- Debian/phpldapadmin: upgrade to 0.9.8.3-1 or later
- (package not named in this record): upgrade to 0.9.5-3sarge3 or later
Is CVE-2006-2016 being exploited?
Moderate — EPSS is 22.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- all versions from 0 up to, but not including, 0.9.8.3-1
- all versions from 0 up to, but not including, 0.9.5-3sarge3