Security Advisory

CVE-2024-9101

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-19 13:41:06

Last updated 2024-12-20 20:20:24

Assigner NCSC.ch

State PUBLISHED

Description

A reflected cross-site scripting (XSS) vulnerability in the Entry Chooser of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the users browser via the element parameter, which is unsafely passed to the JavaScript eval function. However, exploitation is limited to specific conditions where opener is correctly set.

← Browse all CVEs View on cve.org ↗