CVE-2013-5001

2022-10-0316:14:55

Debian Security Bug Tracker

security-tracker.debian.org

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

30.3%

JSON

Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.

OSVersionArchitecturePackageVersionFilename
Debian12allphpmyadmin< 4:4.0.4.2-1phpmyadmin_4:4.0.4.2-1_all.deb
Debian11allphpmyadmin< 4:4.0.4.2-1phpmyadmin_4:4.0.4.2-1_all.deb
Debian999allphpmyadmin< 4:4.0.4.2-1phpmyadmin_4:4.0.4.2-1_all.deb
Debian13allphpmyadmin< 4:4.0.4.2-1phpmyadmin_4:4.0.4.2-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	phpmyadmin	< 4:4.0.4.2-1	phpmyadmin_4:4.0.4.2-1_all.deb
Debian	11	all	phpmyadmin	< 4:4.0.4.2-1	phpmyadmin_4:4.0.4.2-1_all.deb
Debian	999	all	phpmyadmin	< 4:4.0.4.2-1	phpmyadmin_4:4.0.4.2-1_all.deb
Debian	13	all	phpmyadmin	< 4:4.0.4.2-1	phpmyadmin_4:4.0.4.2-1_all.deb