-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : ldap-account-manager Version : 3.7-2+deb7u1 CVE ID : CVE-2018-8763
Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web front-end for LDAP directories. CVE-2018-8763 The found Reflected Cross Site Scripting (XSS) vulnerability might allow an attacker to execute JavaScript code in the browser of the victim or to redirect her to a malicious website if the victim clicks on a specially crafted link. For Debian 7 "Wheezy", these problems have been fixed in version 3.7-2+deb7u1. We recommend that you upgrade your ldap-account-manager packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAlrLFwYACgkQKpJZkldk SvrWuQ//QRn2ZlJjG4WVs5XJNGOGdmjcxh9D41ndUk4kdazI++nRI4tftEkEdkFM 6y6dpOzpJ/RM2h1nSG4yC9NJoTfpRqkeYTPcO035Bmg8QZkqN/RvPOR5G+pqJbRr S74OpI6cslTW2hEHBZ9g9ZydTxWKZkiAzWCvMdncbyy19zFGVlPZ456DOoykYga+ ILX/6C8uBZ5aTGUSZvRc7Vsz1+iI2ibUK9cHdqHixI7gpeMredahJf6cOabghfMi XnC4VFXaqpnstVfK7PQEGaR8gcBkD05XIcyyc6kIx0xMnIFjll6oXa+AoPtnXFIH guhIl3fWSs2rfo+xWF5el63Z0mrzjVqdG0pfeXrPWdY9GlZZyuQz1S+lqoO0NtVs TNMx3T40WSvqQnQAFRT0w66UwmTfVOSw56J9Y/NjR8X8gjRAD5rRRrSYdzg3x/rc In4oQGZIdWm0LXjccFtS0vsGrHws8AuHWUIHwA0SuJNCrNoNHsRpS77/+qbQVX9B Giwl4Ijaa4YwpVMyV694xzC1AOQk18dP7hCylKTMJ5ky/GslREClIFUC6v9KD9w9 0qWE/28YIzrpuFoz19HTVxWqB/GGxaFUS3TK8KIWpEEKhNJIcfLhzBAmbKlMofKs UGrQ1KmqbYDWOlGPtevkD0LIdfDN7hArvctpxxZuLXoPuR8Lda8= =YRH1 -----END PGP SIGNATURE-----