CVE-2024-9101 - phpLDAPadmin XSS in Entry Chooser
CVE ID : CVE-2024-9101
Published : Dec. 19, 2024, 2:15 p.m. | 2 hours, 42 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : Dec. 19, 2024, 2:15 p.m. | 2 hours, 42 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...