phpldapadmin: XSS in htdocs/entry_chooser.php (CVE-2017-11107)
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
(from redmine: issue id 7509, created on 2017-07-12, closed on 2017-08-23)
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information