This vulnerability allows an attacker to bypass the weak XSS filtering/validation in vulnerable installations of LDAP Tool Box. User interaction is required to exploit it: the target must open or browse to a malicious link.
The weak XSS filtering mechanism prevents some but not all XSS injections; whether a given injection is blocked depends on the execution context in which the value is rendered. Relying on the htmlentities encoding function alone is equivalent to using a very weak blacklist.
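To make the execution-context point concrete, the following added example (not code from LDAP Tool Box or its patch) approximates PHP's htmlentities() in Python and renders one untrusted value into three constructed sinks: HTML text, a single-quoted attribute and a URL attribute. The sink templates, the `php_htmlentities` approximation, the `encode_for_context` replacement and the probe strings are all assumptions of the example; it generalises the advisory's remark by showing where entity encoding is sufficient and where a context-aware encoder is needed.

```python
import html
from urllib.parse import urlsplit
# Constructed sink templates: the same untrusted value, three output contexts.
SINKS = {
    "html_text": "<td>{v}</td>",
    "attr_single_quoted": "<input type='text' value='{v}'>",
    "href": '<a href="{v}">profile</a>',
}

def php_htmlentities(value: str, context: str) -> str:
    """Approximates PHP htmlentities() with its pre-8.1 default flags (ENT_COMPAT):
    & < > and the double quote are encoded, the apostrophe is not. The context
    argument is ignored, which is exactly the weakness the advisory describes."""
    return html.escape(value, quote=False).replace('"', "&quot;")

def encode_for_context(value: str, context: str) -> str:
    """Context-aware output encoding: choose the encoder the sink actually needs."""
    if context in ("html_text", "attr_single_quoted"):
        return html.escape(value, quote=True)  # quote=True also encodes the apostrophe
    if context == "href":
        # entity encoding cannot neutralise a script-bearing URL scheme, so a URL
        # sink needs a scheme allowlist before the attribute encoding
        if urlsplit(value).scheme.lower() not in ("http", "https"):
            return "#"
        return html.escape(value, quote=True)
    raise ValueError(f"unknown context {context!r}")

def render(value: str, context: str, encoder) -> str:
    """Encode the value with the given encoder and place it in its sink."""
    return SINKS[context].format(v=encoder(value, context))

def stays_in_context(rendered: str, context: str) -> bool:
    """Structural check: did the value remain plain data inside its sink?"""
    if context == "html_text":
        return "<" not in rendered[len("<td>"):-len("</td>")]
    if context == "attr_single_quoted":
        # the template itself contributes four apostrophes; an extra one closed it early
        return rendered.count("'") == 4
    if context == "href":
        url = html.unescape(rendered[len('<a href="'):rendered.index('">')])
        return urlsplit(url).scheme.lower() in ("", "http", "https")
    raise ValueError(f"unknown context {context!r}")

if __name__ == "__main__":
    probes = {"html_text": "<script>probe()</script>",  # constructed test inputs
              "attr_single_quoted": "x' onfocus='probe()", "href": "javascript:probe()"}
    for ctx, value in probes.items():
        for enc in (php_htmlentities, encode_for_context):
            out = render(value, ctx, enc)
            print(f"{ctx:20} {enc.__name__:20} safe={stays_in_context(out, ctx)} {out}")
```

Only the HTML-text sink is protected by entity encoding alone; the attribute and URL sinks stay exploitable until the encoder is chosen per context.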
All installations of LDAP Tool Box which do not have the appropriate patch applied are affected.
Until LDAP Tool Box releases an upgraded version, please apply the patch found here.