ByteOS Network

NVD Vulnerability Details :

CVE-2024-9101

Deferred

Source-vulnerability@ncsc.ch

Published At-19 Dec, 2024 | 14:15

Updated At-15 Apr, 2026 | 00:35

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	2.1	LOW	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 2.1

Base severity: LOW

Vector:

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	vulnerability@ncsc.ch

CWE ID: CWE-79

Type: Secondary

Source: vulnerability@ncsc.ch

References

Hyperlink	Source	Resource
https://github.com/leenooks/phpLDAPadmin/blob/master/htdocs/entry_chooser.php	vulnerability@ncsc.ch	N/A
https://github.com/leenooks/phpLDAPadmin/commit/f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27	vulnerability@ncsc.ch	N/A
https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1/	vulnerability@ncsc.ch	N/A
https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/	vulnerability@ncsc.ch	N/A