GitHub Advisory DatabaseGHSA-RFPG-2FP8-2FPH

HistoryMay 17, 2022 - 5:16 a.m.

phpMyAdmin multiple cross-site scripting vulnerabilities

2022-05-1705:16:32

CWE-79

GitHub Advisory Database

github.com

phpmyadmin

xss

vulnerabilities

3.5.x

web script

html

remote authenticated users

event

procedure

trigger

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

48.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.

Affected configurations

Vulners

Node

phpmyadminphpmyadminRange3.5–3.5.3

VendorProductVersionCPE
phpmyadminphpmyadmin*cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	*	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

References

lists.opensuse.org/opensuse-updates/2012-11/msg00033.html

www.phpmyadmin.net/home_page/security/PMASA-2012-6.php

github.com/advisories/GHSA-rfpg-2fp8-2fph

github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611

github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186

nvd.nist.gov/vuln/detail/CVE-2012-5339

web.archive.org/web/20121020000514/www.securityfocus.com/bid/55925

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.001

Percentile

48.1%

JSON

Related for GHSA-RFPG-2FP8-2FPH