mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-9101",
"ASSIGNER": "vulnerability@ncsc.ch",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "phpLDAPadmin",
"product": {
"product_data": [
{
"product_name": "phpLDAPadmin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "affected",
"version": "1.2.1"
},
{
"status": "affected",
"version": "1.2.6.7"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/",
"refsource": "MISC",
"name": "https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/"
},
{
"url": "https://github.com/leenooks/phpLDAPadmin/commit/f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27",
"refsource": "MISC",
"name": "https://github.com/leenooks/phpLDAPadmin/commit/f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27"
},
{
"url": "https://github.com/leenooks/phpLDAPadmin/blob/master/htdocs/entry_chooser.php",
"refsource": "MISC",
"name": "https://github.com/leenooks/phpLDAPadmin/blob/master/htdocs/entry_chooser.php"
},
{
"url": "https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1/",
"refsource": "MISC",
"name": "https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1/"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "It is recommended to avoid using the <tt>eval()</tt> function, especially in combination with user-supplied input. Instead of using <tt>eval()</tt>, it is advised to access the DOM element directly in a safe manner.<br>"
}
],
"value": "It is recommended to avoid using the eval() function, especially in combination with user-supplied input. Instead of using eval(), it is advised to access the DOM element directly in a safe manner."
}
],
"credits": [
{
"lang": "en",
"value": "Andreas Pfefferle, Redguard AG"
}
]
} |