CVE-2024-25976 | HAWKI LDAP Authentication login.php $_SERVER[‘PHP_SELF’] cross site scripting

Inserito da Angelo Barbosa | Mag 29, 2024 | CVE

A vulnerability, which was classified as problematic, has been found in University of Applied Sciences and Arts Hildesheim HAWKI. Affected by this issue is some unknown functionality of the file login.php of the component LDAP Authentication Handler. The manipulation of the argument $_SERVER[‘PHP_SELF’] leads to cross site scripting.

This vulnerability is handled as CVE-2024-25976. The attack may be launched remotely. There is no exploit available.

CVE-2024-25976 | HAWKI LDAP Authentication login.php $_SERVER[‘PHP_SELF’] cross site scripting

Post correlati

CVE-2024-0740 | Eclipse Target Management up to 4.5.500 os command injection

CVE-2024-32950 | DeBAAT WP Media Category Management Plugin up to 2.2 on WordPress cross site scripting

CVE-2023-52890 | NTFS-3G libntfs-3g/unistr.c ntfs_uppercase_mbs use after free (Issue 84 / 75dcdc2)

CVE-2024-4001 | Download Manager Plugin up to 3.2.93 on WordPress Shortcode wpdm_modal_login_form cross site scripting