2024-12-19 13:41:06
NCSC.ch
PUBLISHED
A reflected cross-site scripting (XSS) vulnerability in the Entry Chooser of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the users browser via the element parameter, which is unsafely passed to the JavaScript eval function. However, exploitation is limited to specific conditions where opener is correctly set.