{"id":"CVE-2018-8763","details":"Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.","modified":"2026-04-10T04:11:32.990944Z","published":"2018-03-27T16:29:00.653Z","references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/04/msg00007.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4165"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2018/Mar/45"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/146858/LDAP-Account-Manager-6.2-Cross-Site-Scripting.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ldapaccountmanager/lam","events":[{"introduced":"0"},{"last_affected":"3e20940d3429d37cac37d8d9cfea649bcd82f0aa"},{"introduced":"0"},{"last_affected":"cb97baae7b1aadffd1b54d0bbcb487a5ca769823"},{"introduced":"0"},{"last_affected":"1fbcbea3c17e77d65d8ea0ff73c1e663387d25b5"},{"introduced":"0"},{"fixed":"fe1547e145b06e55048d8385e03ea41df24bf421"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"8.0"},{"introduced":"0"},{"last_affected":"9.0"},{"introduced":"0"},{"fixed":"6.3"}]}}],"versions":["8.5","8.6","8.6.RC1","8.7","8.7.RC1","8.8","8.8.RC1","8.9","8.9.RC1","9.0","9.0.RC1","lam_5_4","lam_5_4_RC1","lam_5_5","lam_5_5_RC1","lam_5_6","lam_5_6_RC1","lam_5_7","lam_5_7_RC1","lam_6_0","lam_6_0_RC1","lam_6_0_RC2","lam_6_1","lam_6_1_RC1","lam_6_2","lam_6_2_RC1","lam_6_3","lam_6_3_RC1","lam_6_4","lam_6_4_RC1","lam_6_5","lam_6_5_RC1","lam_6_6","lam_6_6_RC1","lam_6_7","lam_6_7_RC1","lam_6_8","lam_6_8_RC1","lam_6_9","lam_6_9_RC1","lam_7_0","lam_7_0_RC1","lam_7_1","lam_7_1_RC1","lam_7_2","lam_7_2_RC1","lam_7_3","lam_7_4","lam_7_4_RC1","lam_7_5","lam_7_5_RC1","lam_7_6","lam_7_6_RC1","lam_7_7","lam_7_7_RC1","lam_7_8","lam_7_8_RC1","lam_7_9_RC1","lam_8_0","lam_8_0_1","lam_8_0_RC1","lam_8_1","lam_8_1_RC1","lam_8_2","lam_8_2_RC1","lam_8_3","lam_8_3_RC1","lam_8_4","lam_8_4_RC1","lam_8_5_RC1","untagged-0f11e4b04e249cac51c5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-8763.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}