CVE-2012-1600
5.8 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
69.0%
Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.
References
lists.opensuse.org/opensuse-updates/2012-04/msg00033.html
secunia.com/advisories/48574
sourceforge.net/p/phppgadmin/mailman/message/28783470/
www.openwall.com/lists/oss-security/2012/03/28/11
www.openwall.com/lists/oss-security/2012/03/29/6
www.openwall.com/lists/oss-security/2012/03/30/7
www.osvdb.org/80870
www.postgresql.org/message-id/4F6B447C.6080204%40dalibo.com
www.securityfocus.com/bid/52761
bugzilla.redhat.com/show_bug.cgi?id=808439
exchange.xforce.ibmcloud.com/vulnerabilities/74440
github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00
github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0
Related
5.8 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
69.0%