Description

LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM before 9.3 allows stored cross-site scripting in the Profile section via the profile name field, which renders untrusted input as HTML and executes a supplied script (for example a script element). An authenticated user with permission to create or edit a profile can insert a script payload into the profile name and have it executed when the profile data is viewed in a browser. This issue is fixed in version 9.3. No known workarounds are mentioned.

INFO

Published Date :

2025-09-16T16:29:37.615Z

Last Modified :

2025-09-16T18:26:38.482Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58174 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58174.

URL Resource
https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6gqg-wm9x-5x3m cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact