{"url":"http://public2.vulnerablecode.io/api/packages/1078844?format=json","purl":"pkg:deb/debian/phpldapadmin@1.2.6.3-0.3%2Bdeb12u1","type":"deb","namespace":"debian","name":"phpldapadmin","version":"1.2.6.3-0.3+deb12u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.2.6.7-3~bpo12+1","latest_non_vulnerable_version":"1.2.6.7-3~bpo12+1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51366?format=json","vulnerability_id":"VCID-fc2n-nmzw-3uh1","summary":"A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9101","reference_id":"","reference_type":"","scores":[{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54972","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9101"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090914","reference_id":"1090914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090914"},{"reference_url":"https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1/","reference_id":"1.2.1","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-20T20:20:12Z/"}],"url":"https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.1/"},{"reference_url":"https://github.com/leenooks/phpLDAPadmin/blob/master/htdocs/entry_chooser.php","reference_id":"entry_chooser.php","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-20T20:20:12Z/"}],"url":"https://github.com/leenooks/phpLDAPadmin/blob/master/htdocs/entry_chooser.php"},{"reference_url":"https://github.com/leenooks/phpLDAPadmin/commit/f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27","reference_id":"f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-20T20:20:12Z/"}],"url":"https://github.com/leenooks/phpLDAPadmin/commit/f713afc8d164169516c91b0988531f2accb9bce6#diff-c2d6d7678ada004e704ee055169395a58227aaec86a6f75fa74ca18ff49bca44R27"},{"reference_url":"https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/","reference_id":"security-advisory-phpldapadmin","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-20T20:20:12Z/"}],"url":"https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1078845?format=json","purl":"pkg:deb/debian/phpldapadmin@1.2.6.7-3~bpo12%2B1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpldapadmin@1.2.6.7-3~bpo12%252B1"}],"aliases":["CVE-2024-9101"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fc2n-nmzw-3uh1"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpldapadmin@1.2.6.3-0.3%252Bdeb12u1"}