CVE-2024-9101

CVSS V2 None CVSS V3 None
Description
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
Overview
  • CVE ID
  • CVE-2024-9101
  • Assigner
  • NCSC.ch
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-19T13:41:06.610Z
  • Last Modified Date
  • 2024-12-19T13:41:06.610Z
History
Created Old Value New Value Data Type Notes
2024-12-20 13:24:13 Added to TrackCVE