CVE-2007-1840
EPSS 0.63%
Description
lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).
How to fix CVE-2007-1840
To remediate CVE-2007-1840, upgrade the affected package to the fixed version listed below.
- Debian/ldap-account-manager: upgrade to 1.1.1-2 or later
Is CVE-2007-1840 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/ldap-account-manager: from 0, < 1.1.1-2