- Description: A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
- Source: vulnerability@ncsc.ch
- NVD status: Received
CVSS 4.0
- Type: Secondary
- Base score: 2.1
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: LOW
- vulnerability@ncsc.ch: CWE-79
- Hype score: Not currently trending
CVE-2024-9101 Reflected XSS Vulnerability in phpLDAPadmin 'Entry Chooser' Component A reflected Cross Site Scripting (XSS) vulnerability is present in the 'Entry Chooser' feature of phpLDAPadmin, from version 1.2... https://t.co/Td4J9UYk9s
@VulmonFeeds
19 Dec 2024
CVE-2024-9101 A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to exec… https://t.co/6OrzlrB2b7
@CVEnew
19 Dec 2024