CVE-2018-20806by Jeremyin Security Bulletinson Posted on March 18, 2019 Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).