CVE-2024-9101

Low

Low Medium High Critical

CVSS Score

Published: Dec 19, 2024

Last Modified: Dec 19, 2024

CWE: CWE-79

Vulnerability Description

A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.

References & Resources

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-79 Top 25 #1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploit Likelihood: High
Typical Severity: Medium
OWASP Top 10: A03:2021-Injection
Abstraction Level: Base

View CWE Details on MITRE

Key Information

Published Date: December 19, 2024

External Resources

NIST

National Vulnerability Database

Official CVE record

Related News Articles

Latest news and updates about CVE-2024-9101

Multiple Vulnerabilities Identified in Red Hat Linux Kernel (January 30, 2026) - Red Hat, Linux kernel, vulnerabilities

Mar 29, 2026

Multiple Vulnerabilities Identified in Red Hat Linux Kernel (January 30, 2026)

Multiple critical vulnerabilities have been identified in the Red Hat Linux kernel, posing significant risks to system security.

Multiple Vulnerabilities Identified in SUSE Linux Kernel (January 30, 2026) - SUSE Linux, kernel vulnerabilities, buffer overflow

Mar 29, 2026

Multiple Vulnerabilities Identified in SUSE Linux Kernel (January 30, 2026)

Multiple critical vulnerabilities have been identified in the SUSE Linux kernel, posing significant risks to system security. Immediate action is…

Preparing for Cybersecurity's Future: Quantum Threats, AI Risks, and Patch Management - cybersecurity, quantum computing, vulnerability management

Mar 29, 2026

Preparing for Cybersecurity’s Future: Quantum Threats, AI Risks, and Patch Management

Stay ahead of cyber threats with proactive strategies: quantum-resistant encryption, timely patching, and ethical AI practices.

Multiple Vulnerabilities Identified in SUSE Linux Kernel (09 January 2026) - SUSE Linux, kernel vulnerability, security threat

Jan 20, 2026

Multiple Vulnerabilities Identified in SUSE Linux Kernel (09 January 2026)

Multiple vulnerabilities have been identified in the SUSE Linux kernel, posing a risk to system integrity and security. Immediate action…

Multiple Vulnerabilities Identified in Mozilla Products - Mozilla, vulnerabilities, Firefox

Jan 20, 2026

Multiple Vulnerabilities Identified in Mozilla Products

Multiple critical vulnerabilities have been discovered in Mozilla products, including remote code execution and denial of service attacks.

Critical Security Vulnerabilities Identified in Red Hat Linux Kernel - Red Hat Linux, kernel vulnerability, security update

Jan 20, 2026

Critical Security Vulnerabilities Identified in Red Hat Linux Kernel

Multiple critical security vulnerabilities have been identified in the Red Hat Linux kernel, enabling attackers to execute arbitrary code, bypass…

View All Related Articles