mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-19 17:31:42 +00:00
{
"id": "CVE-2024-9101",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2024-12-19T14:15:06.147",
"lastModified": "2024-12-19T14:15:06.147",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el 'Entry Chooser' de phpLDAPadmin (versi\u00f3n 1.2.1 hasta la \u00faltima versi\u00f3n, 1.2.6.7) permite a los atacantes ejecutar c\u00f3digo JavaScript arbitrario en el navegador del usuario a trav\u00e9s del par\u00e1metro 'element', que se pasa de forma no segura a la funci\u00f3n 'eval' de JavaScript. Sin embargo, la explotaci\u00f3n se limita a condiciones espec\u00edficas en las que 'opener' est\u00e1 configurado correctamente."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 2.1,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/leenooks/phpLDAPadmin/blob/master/htdocs/entry_chooser.php",
"source": "vulnerability@ncsc.ch"
},
{
"url": "https://github.com/leenooks/phpLDAPadmin/commit/f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27",
"source": "vulnerability@ncsc.ch"
},
{
"url": "https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1/",
"source": "vulnerability@ncsc.ch"
},
{
"url": "https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/",
"source": "vulnerability@ncsc.ch"
}
]
} |