Search...

FreeBSD : phpmyadmin -- XSS vulnerability (58247a96-01c8-11da-bc08-0001020eed82)

2005-08-01T00:00:00

ID FREEBSD_PKG_58247A9601C811DABC080001020EED82.NASL
Type nessus
Reporter This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2005-08-01T00:00:00

Description

A phpMyAdmin security announcement reports :

The convcharset parameter was not correctly validated, opening the door to a XSS attack.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
# 
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(19343);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-0992");
  script_bugtraq_id(12982);

  script_name(english:"FreeBSD : phpmyadmin -- XSS vulnerability (58247a96-01c8-11da-bc08-0001020eed82)");
  script_summary(english:"Checks for updated packages in pkg_info output");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote FreeBSD host is missing one or more security-related
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A phpMyAdmin security announcement reports :

The convcharset parameter was not correctly validated, opening the
door to a XSS attack."
  );
  # http://marc.theaimsgroup.com/?l=bugtraq&m=111264361622660
  script_set_attribute(
    attribute:"see_also",
    value:"https://marc.info/?l=bugtraq&m=111264361622660"
  );
  # http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.phpmyadmin.net/security/PMASA-2005-3/"
  );
  # https://vuxml.freebsd.org/freebsd/58247a96-01c8-11da-bc08-0001020eed82.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7052b7e8"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:phpMyAdmin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:phpmyadmin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/04/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/07/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"FreeBSD Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("audit.inc");
include("freebsd_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (pkg_test(save_report:TRUE, pkg:"phpmyadmin&lt;2.6.2.r1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"phpMyAdmin&lt;2.6.2.r1")) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:pkg_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "FREEBSD_PKG_58247A9601C811DABC080001020EED82.NASL", "bulletinFamily": "scanner", "title": "FreeBSD : phpmyadmin -- XSS vulnerability (58247a96-01c8-11da-bc08-0001020eed82)", "description": "A phpMyAdmin security announcement reports :\n\nThe convcharset parameter was not correctly validated, opening the\ndoor to a XSS attack.", "published": "2005-08-01T00:00:00", "modified": "2005-08-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/19343", "reporter": "This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://marc.info/?l=bugtraq&m=111264361622660", "https://www.phpmyadmin.net/security/PMASA-2005-3/", "http://www.nessus.org/u?7052b7e8"], "cvelist": ["CVE-2005-0992"], "type": "nessus", "lastseen": "2021-01-07T10:43:58", "edition": 26, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0992"]}, {"type": "gentoo", "idList": ["GLSA-200504-08"]}, {"type": "osvdb", "idList": ["OSVDB:15226"]}, {"type": "openvas", "idList": ["OPENVAS:54462", "OPENVAS:54910"]}, {"type": "exploitdb", "idList": ["EDB-ID:25330"]}, {"type": "freebsd", "idList": ["58247A96-01C8-11DA-BC08-0001020EED82"]}, {"type": "phpmyadmin", "idList": ["PHPMYADMIN:PMASA-2005-3"]}, {"type": "nessus", "idList": ["PHPMYADMIN_CONVCHARSET_XSS.NASL", "GENTOO_GLSA-200504-08.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7046"]}], "modified": "2021-01-07T10:43:58", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-01-07T10:43:58", "rev": 2}, "vulnersScore": 5.7}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19343);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-0992\");\n script_bugtraq_id(12982);\n\n script_name(english:\"FreeBSD : phpmyadmin -- XSS vulnerability (58247a96-01c8-11da-bc08-0001020eed82)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A phpMyAdmin security announcement reports :\n\nThe convcharset parameter was not correctly validated, opening the\ndoor to a XSS attack.\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=111264361622660\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=111264361622660\"\n );\n # http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2005-3/\"\n );\n # https://vuxml.freebsd.org/freebsd/58247a96-01c8-11da-bc08-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7052b7e8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"phpmyadmin<2.6.2.r1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin<2.6.2.r1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "pluginID": "19343", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:phpmyadmin", "p-cpe:/a:freebsd:freebsd:phpMyAdmin"], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T11:34:53", "description": "Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.", "edition": 3, "cvss3": {}, "published": "2005-05-02T04:00:00", "title": "CVE-2005-0992", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-0992"], "modified": "2017-07-11T01:32:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:2.6.1_rc1", "cpe:/a:phpmyadmin:phpmyadmin:2.1.1", "cpe:/a:phpmyadmin:phpmyadmin:2.2", "cpe:/a:phpmyadmin:phpmyadmin:2.2_pre2", "cpe:/a:phpmyadmin:phpmyadmin:2.2.2", "cpe:/a:phpmyadmin:phpmyadmin:2.4.0", "cpe:/a:phpmyadmin:phpmyadmin:2.5.5_rc2", "cpe:/a:phpmyadmin:phpmyadmin:2.5.2", "cpe:/a:phpmyadmin:phpmyadmin:2.6.0_pl2", "cpe:/a:phpmyadmin:phpmyadmin:2.2.4", "cpe:/a:phpmyadmin:phpmyadmin:2.2_rc3", "cpe:/a:phpmyadmin:phpmyadmin:2.5.5", "cpe:/a:phpmyadmin:phpmyadmin:2.5.0", "cpe:/a:phpmyadmin:phpmyadmin:2.6.1_pl1", "cpe:/a:phpmyadmin:phpmyadmin:2.5.7_pl1", "cpe:/a:phpmyadmin:phpmyadmin:2.6.0_pl3", "cpe:/a:phpmyadmin:phpmyadmin:2.0.1", "cpe:/a:phpmyadmin:phpmyadmin:2.5.5_pl1", "cpe:/a:phpmyadmin:phpmyadmin:2.0.4", "cpe:/a:phpmyadmin:phpmyadmin:2.2.3", "cpe:/a:phpmyadmin:phpmyadmin:2.5.7", "cpe:/a:phpmyadmin:phpmyadmin:2.2_rc1", "cpe:/a:phpmyadmin:phpmyadmin:2.5.5_rc1", "cpe:/a:phpmyadmin:phpmyadmin:2.6.1", "cpe:/a:phpmyadmin:phpmyadmin:2.5.6_rc1", "cpe:/a:phpmyadmin:phpmyadmin:2.6.0_pl1", "cpe:/a:phpmyadmin:phpmyadmin:2.5.3", "cpe:/a:phpmyadmin:phpmyadmin:2.1.2", "cpe:/a:phpmyadmin:phpmyadmin:2.2.6", "cpe:/a:phpmyadmin:phpmyadmin:2.3.1", "cpe:/a:phpmyadmin:phpmyadmin:2.0.3", "cpe:/a:phpmyadmin:phpmyadmin:2.2_pre1", "cpe:/a:phpmyadmin:phpmyadmin:2.5.1", "cpe:/a:phpmyadmin:phpmyadmin:2.1", "cpe:/a:phpmyadmin:phpmyadmin:2.2_rc2", "cpe:/a:phpmyadmin:phpmyadmin:2.0", "cpe:/a:phpmyadmin:phpmyadmin:2.5.4", "cpe:/a:phpmyadmin:phpmyadmin:2.3.2", "cpe:/a:phpmyadmin:phpmyadmin:2.6.1_pl3", "cpe:/a:phpmyadmin:phpmyadmin:2.0.2", "cpe:/a:phpmyadmin:phpmyadmin:2.2.5", "cpe:/a:phpmyadmin:phpmyadmin:2.0.5"], "id": "CVE-2005-0992", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0992", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_rc3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7_pl1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_pre2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_pre1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.6_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.5_pl1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_pl1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.2_rc1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:2.5.4:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:58", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0992"], "description": "### Background\n\nphpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. \n\n### Description\n\nOriol Torrent Santiago has discovered that phpMyAdmin fails to validate input to the \"convcharset\" variable, rendering it vulnerable to cross-site scripting attacks. \n\n### Impact\n\nBy sending a specially-crafted request, an attacker can inject and execute malicious script code, potentially compromising the victim's browser. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll phpMyAdmin users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/phpmyadmin-2.6.2_rc1\"", "edition": 1, "modified": "2006-05-22T00:00:00", "published": "2005-04-11T00:00:00", "id": "GLSA-200504-08", "href": "https://security.gentoo.org/glsa/200504-08", "type": "gentoo", "title": "phpMyAdmin: Cross-site scripting vulnerability", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", "cvelist": ["CVE-2005-0992"], "edition": 1, "description": "## Solution Description\nUpgrade to version 2.6.2-rc1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.phpmyadmin.net/\n[Vendor Specific Advisory URL](http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3)\nSecurity Tracker: 1013642\n[Secunia Advisory ID:14911](https://secuniaresearch.flexerasoftware.com/advisories/14911/)\n[Secunia Advisory ID:14799](https://secuniaresearch.flexerasoftware.com/advisories/14799/)\n[Secunia Advisory ID:14987](https://secuniaresearch.flexerasoftware.com/advisories/14987/)\nOther Advisory URL: http://www.arrelnet.com/advisories/adv20050403.html\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200504-08.xml\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Apr/0005.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0049.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0341.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0329.html\n[CVE-2005-0992](https://vulners.com/cve/CVE-2005-0992)\n", "modified": "2005-04-04T04:53:51", "published": "2005-04-04T04:53:51", "href": "https://vulners.com/osvdb/OSVDB:15226", "id": "OSVDB:15226", "title": "phpMyAdmin index.php convcharset Variable XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0992"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200504-08.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54910", "href": "http://plugins.openvas.org/nasl.php?oid=54910", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200504-08 (phpMyAdmin)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"phpMyAdmin is vulnerable to a cross-site scripting attack.\";\ntag_solution = \"All phpMyAdmin users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-2.6.2_rc1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200504-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=87952\nhttp://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200504-08.\";\n\n \n\nif(description)\n{\n script_id(54910);\n script_cve_id(\"CVE-2005-0992\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200504-08 (phpMyAdmin)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-db/phpmyadmin\", unaffected: make_list(\"ge 2.6.2_rc1\"), vulnerable: make_list(\"lt 2.6.2_rc1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0992"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-27T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:54462", "href": "http://plugins.openvas.org/nasl.php?oid=54462", "type": "openvas", "title": "FreeBSD Ports: phpmyadmin, phpMyAdmin", "sourceData": "#\n#VID 58247a96-01c8-11da-bc08-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n phpmyadmin\n phpMyAdmin\n\nCVE-2005-0992\nCross-site scripting (XSS) vulnerability in index.php in phpMyAdmin\nbefore 2.6.2-rc1 allows remote attackers to inject arbitrary web\nscript or HTML via the convcharset parameter.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=111264361622660\nhttp://www.vuxml.org/freebsd/58247a96-01c8-11da-bc08-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(54462);\n script_version(\"$Revision: 4148 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-27 07:32:19 +0200 (Tue, 27 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-0992\");\n script_bugtraq_id(12982);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: phpmyadmin, phpMyAdmin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"phpmyadmin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.6.2.r1\")<0) {\n txt += 'Package phpmyadmin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"phpMyAdmin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.6.2.r1\")<0) {\n txt += 'Package phpMyAdmin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-03T01:07:58", "description": "PHPMyAdmin 2.x Convcharset Cross-Site Scripting Vulnerability. CVE-2005-0992. Webapps exploit for php platform", "published": "2005-04-03T00:00:00", "type": "exploitdb", "title": "PHPMyAdmin 2.x Convcharset Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-0992"], "modified": "2005-04-03T00:00:00", "id": "EDB-ID:25330", "href": "https://www.exploit-db.com/exploits/25330/", "sourceData": "source: http://www.securityfocus.com/bid/12982/info\r\n\r\nphpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'convcharset' parameter.\r\n\r\nphpMyAdmin versions prior to 2.6.2-rc1 are affected by this issue. \r\n\r\nhttp://www.example.com/phpmyadmin/index.php?pma_username=&pma_password=&server=1&lang=en-iso-8859-1&convcharset=\\\"><script>alert(document.cookie)</script>\r\n\r\nhttp://www.example.com/phpmyadmin/index.php?pma_username=&pma_password=&server=1&lang=en-iso-8859-1&convcharset=\\\"><h1>XSS</h1> ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/25330/"}], "nessus": [{"lastseen": "2021-01-07T10:51:56", "description": "The remote host is affected by the vulnerability described in GLSA-200504-08\n(phpMyAdmin: XSS vulnerability)\n\n Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate\n input to the 'convcharset' variable, rendering it vulnerable to\n cross-site scripting attacks.\n \nImpact :\n\n By sending a specially crafted request, an attacker can inject and\n execute malicious script code, potentially compromising the victim's\n browser.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 26, "published": "2005-04-12T00:00:00", "title": "GLSA-200504-08 : phpMyAdmin: XSS vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0992"], "modified": "2005-04-12T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:phpmyadmin"], "id": "GENTOO_GLSA-200504-08.NASL", "href": "https://www.tenable.com/plugins/nessus/18013", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200504-08.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18013);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-0992\");\n script_xref(name:\"GLSA\", value:\"200504-08\");\n\n script_name(english:\"GLSA-200504-08 : phpMyAdmin: XSS vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200504-08\n(phpMyAdmin: XSS vulnerability)\n\n Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate\n input to the 'convcharset' variable, rendering it vulnerable to\n cross-site scripting attacks.\n \nImpact :\n\n By sending a specially crafted request, an attacker can inject and\n execute malicious script code, potentially compromising the victim's\n browser.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2005-3/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200504-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All phpMyAdmin users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-2.6.2_rc1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/phpmyadmin\", unaffected:make_list(\"ge 2.6.2_rc1\"), vulnerable:make_list(\"lt 2.6.2_rc1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T13:25:43", "description": "The installed version of phpMyAdmin suffers from a cross-site\nscripting vulnerability due to its failure to sanitize user input to\nthe 'convcharset' parameter of the 'index.php' script. A remote\nattacker may use these vulnerabilities to cause arbitrary code to be\nexecuted in a user's browser to steal authentication cookies and the\nlike.", "edition": 25, "published": "2005-04-05T00:00:00", "title": "phpMyAdmin index.php convcharset Parameter XSS", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0992"], "modified": "2005-04-05T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": "PHPMYADMIN_CONVCHARSET_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/17689", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(17689);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-0992\");\n script_bugtraq_id(12982);\n\n script_name(english:\"phpMyAdmin index.php convcharset Parameter XSS\");\n script_summary(english:\"Checks for convcharset cross-site scripting vulnerability in phpMyAdmin\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP script that is affected by a\ncross-site scripting vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The installed version of phpMyAdmin suffers from a cross-site\nscripting vulnerability due to its failure to sanitize user input to\nthe 'convcharset' parameter of the 'index.php' script. A remote\nattacker may use these vulnerabilities to cause arbitrary code to be\nexecuted in a user's browser to steal authentication cookies and the\nlike.\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to phpMyAdmin 2.6.2-rc1 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/04/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/04/04\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_end_attributes();\n \n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cross_site_scripting.nasl\", \"phpMyAdmin_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"www/phpMyAdmin\", \"www/PHP\");\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"url_func.inc\");\n\nport = get_http_port(default:80, php:TRUE, no_xss:TRUE);\n\n# A simple alert.\nxss = \"<script>alert('\" + SCRIPT_NAME + \"');</script>\";\n\n# Test an install.\ninstall = get_kb_item(string(\"www/\", port, \"/phpMyAdmin\"));\nif (isnull(install)) exit(0);\nmatches = eregmatch(string:install, pattern:\"^(.+) under (/.*)$\");\nif (!isnull(matches)) {\n dir = matches[2];\n # Try to exploit the vulnerability with our XSS.\n test_cgi_xss(port: port, cgi: \"/index.php\", dirs: make_list(dir),\n pass_str: xss, qs: string(\n \"pma_username=&\",\n \"pma_password=&\",\n \"server=1&\",\n \"lang=en-iso-8859-1&\",\n \"convcharset=%5C%22%3E\", urlencode(str:xss)\n ));\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:54", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0992"], "description": "\nA phpMyAdmin security announcement reports:\n\nThe convcharset parameter was not correctly validated,\n\t opening the door to a XSS attack.\n\n", "edition": 4, "modified": "2005-04-03T00:00:00", "published": "2005-04-03T00:00:00", "id": "58247A96-01C8-11DA-BC08-0001020EED82", "href": "https://vuxml.freebsd.org/freebsd/58247a96-01c8-11da-bc08-0001020eed82.html", "title": "phpmyadmin -- cross site scripting vulnerability", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "phpmyadmin": [{"lastseen": "2019-05-29T17:20:06", "bulletinFamily": "software", "cvelist": ["CVE-2005-0992"], "description": "## PMASA-2005-3\n\n**Announcement-ID:** PMASA-2005-3\n\n**Date:** 2005-04-03\n\n### Summary\n\nCross-Site Scripting vulnerability\n\n### Description\n\nWe received a security advisory from Oriol Torrent Santiago and we wish to thank him for his work and report. The `convcharset` parameter was not correctly validated, opening the door to a XSS attack.\n\n### Severity\n\nWe consider this vulnerability to be serious.\n\n### Affected Versions\n\nProbably all phpMyAdmin versions before 2.6.2-rc1.\n\n### Solution\n\nUpgrade to phpMyAdmin 2.6.2-rc1 or newer.\n\n### References\n\n[ http://www.arrelnet.com/advisories/adv20050403.html](<http://www.arrelnet.com/advisories/adv20050403.html>)\n\nAssigned CVE ids: [CVE-2005-0992](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0992>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-79](<https://cwe.mitre.org/data/definitions/79.html>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "edition": 2, "modified": "2005-04-03T00:00:00", "published": "2005-04-03T00:00:00", "id": "PHPMYADMIN:PMASA-2005-3", "href": "https://www.phpmyadmin.net/security/PMASA-2005-3/", "title": "Cross-Site Scripting vulnerability", "type": "phpmyadmin", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:22", "bulletinFamily": "software", "cvelist": ["CVE-2007-0224", "CVE-2007-0250", "CVE-2007-0249", "CVE-2007-0225", "CVE-2007-0314", "CVE-2007-0231", "CVE-2007-0175", "CVE-2007-0266", "CVE-2007-0184", "CVE-2007-0185", "CVE-2007-0258", "CVE-2007-0259", "CVE-2007-0341", "CVE-2007-0147", "CVE-2007-0203", "CVE-2007-0300", "CVE-2007-0265", "CVE-2007-0298", "CVE-2005-0992", "CVE-2007-0204", "CVE-2007-0261", "CVE-2007-0252"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2007-01-12T00:00:00", "published": "2007-01-12T00:00:00", "id": "SECURITYVULNS:VULN:7046", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7046", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}

FreeBSD : phpmyadmin -- XSS vulnerability (58247a96-01c8-11da-bc08-0001020eed82)

Description

A phpMyAdmin security announcement reports : The convcharset parameter was not correctly validated, opening the door to a XSS attack.

A phpMyAdmin security announcement reports :

The convcharset parameter was not correctly validated, opening the door to a XSS attack.