FreeBSD3F09CA29-0E48-11E4-B17A-6805CA0B3D42phpMyAdmin -- multiple XSS vulnerabilities, missing validation
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
53.2%
The phpMyAdmin development team reports:
Self-XSS due to unescaped HTML output in database
structure page.
With a crafted table comment, it is possible to trigger
an XSS in database structure page.
Self-XSS due to unescaped HTML output in database
triggers page.
When navigating into the database triggers page, it is
possible to trigger an XSS with a crafted trigger
name.
Multiple XSS in AJAX confirmation messages.
With a crafted column name it is possible to trigger an
XSS when dropping the column in table structure page. With
a crafted table name it is possible to trigger an XSS when
dropping or truncating the table in table operations
page.
Access for an unprivileged user to MySQL user list.
An unpriviledged user could view the MySQL user list and
manipulate the tabs displayed in phpMyAdmin for them.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | phpmyadmin | = 4.2.0 | UNKNOWN |
| FreeBSD | any | noarch | phpmyadmin | < 4.2.6 | UNKNOWN |
Related
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
53.2%