Home > Vulnerability Database > CVE-2024-9101

Mend.io Vulnerability Database

CVE-2024-9101

Date: December 19, 2024

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.

Language: PHP

Severity Score

4.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-9101

Url: https://security-tracker.debian.org/tracker/CVE-2024-9101

Url: https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1/

Url: https://github.com/leenooks/phpLDAPadmin/commit/f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27

Url: https://github.com/leenooks/phpLDAPadmin/blob/master/htdocs/entry_chooser.php

Url: https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/

Url: https://www.mend.io/vulnerability-database/CVE-2024-9101

Severity Score

4.5

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	4.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-9101

Date: December 19, 2024

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?