CVE-2024-9101
CVSS V2 None
CVSS V3 None
Description
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
Overview
- CVE ID
- CVE-2024-9101
- Assigner
- NCSC.ch
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-19T13:41:06.610Z
- Last Modified Date
- 2024-12-19T13:41:06.610Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-9101 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9101 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-12-20 13:24:13 | Added to TrackCVE |