cve/CVE-2024-9101.md at cb00e1339f55f9551dd27140c9ce222c7fab7101

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.

POC

Reference

https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/

Github

https://github.com/fkie-cad/nvd-json-data-feeds

1.1 KiB Raw Blame History

CVE-2024-9101

Description

POC

Reference

Github

1.1 KiB

Raw Blame History