CVE-2024-9101

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-9101
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-9101.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-9101
Downstream
Published
2024-12-19T13:41:06.610Z
Modified
2026-05-18T05:58:01.839697869Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L CVSS Calculator
Summary
phpLDAPadmin: Reflected Cross-Site Scripting in entry_chooser.php
Details

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.

Database specific 
{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "NCSC.ch",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/9xxx/CVE-2024-9101.json"
}
References

Affected packages

Git / github.com/leenooks/phpldapadmin

Affected ranges

Type
GIT
Repo
https://github.com/leenooks/phpldapadmin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f713afc8d164169516c91b0988531f2accb9bce6

Affected versions

RELEASE-0.*
RELEASE-0.9.0
RELEASE-0.9.1
RELEASE-0.9.2
RELEASE-0.9.3
RELEASE-0.9.5
RELEASE-0.9.7
RELEASE-0.9.7.1
RELEASE-0.9.7.2
RELEASE-0.9.8
RELEASE-0.9.8.1
RELEASE-1.*
RELEASE-1.0.0
RELEASE-1.1.0
RELEASE-1.1.0.1
RELEASE-1.1.0.2
RELEASE-1.1.0.3
RELEASE-1.1.0.4
RELEASE-1.1.0.5
RELEASE-1.1.0.6
RELEASE-1.1.0.7
RELEASE-1.2.0
RELEASE-1.2.0-rc1
RELEASE-1.2.0.1
RELEASE-1.2.0.2
RELEASE-1.2.0.3
RELEASE-1.2.0.4
RELEASE-1.2.0.5

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-9101.json"