CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
Percentile
37.4%
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | phpmyadmin | <Β 4:3.4.11.1-1 | phpmyadmin_4:3.4.11.1-1_all.deb |
Debian | 11 | all | phpmyadmin | <Β 4:3.4.11.1-1 | phpmyadmin_4:3.4.11.1-1_all.deb |
Debian | 999 | all | phpmyadmin | <Β 4:3.4.11.1-1 | phpmyadmin_4:3.4.11.1-1_all.deb |
Debian | 13 | all | phpmyadmin | <Β 4:3.4.11.1-1 | phpmyadmin_4:3.4.11.1-1_all.deb |