Description

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.

INFO

Published Date :

2024-12-19T13:41:06.610Z

Last Modified :

2024-12-20T20:20:24.165Z

Source :

NCSC.ch
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9101 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9101.

URL Resource
https://github.com/leenooks/phpLDAPadmin/blob/master/htdocs/entry_chooser.php cve-icon cve-icon
https://github.com/leenooks/phpLDAPadmin/commit/f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27 cve-icon cve-icon
https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1/ cve-icon cve-icon
https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability