CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
69.2%
Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.
Vendor | Product | Version | CPE |
---|---|---|---|
phppgadmin_project | phppgadmin | * | cpe:2.3:a:phppgadmin_project:phppgadmin:*:*:*:*:*:*:*:* |
phppgadmin_project | phppgadmin | 5.0 | cpe:2.3:a:phppgadmin_project:phppgadmin:5.0:*:*:*:*:*:*:* |
phppgadmin_project | phppgadmin | 5.0.1 | cpe:2.3:a:phppgadmin_project:phppgadmin:5.0.1:*:*:*:*:*:*:* |
phppgadmin_project | phppgadmin | 5.0.2 | cpe:2.3:a:phppgadmin_project:phppgadmin:5.0.2:*:*:*:*:*:*:* |
opensuse | opensuse | 11.4 | cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* |
opensuse | opensuse | 12.1 | cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-updates/2012-04/msg00033.html
secunia.com/advisories/48574
sourceforge.net/p/phppgadmin/mailman/message/28783470/
www.openwall.com/lists/oss-security/2012/03/28/11
www.openwall.com/lists/oss-security/2012/03/29/6
www.openwall.com/lists/oss-security/2012/03/30/7
www.osvdb.org/80870
www.postgresql.org/message-id/4F6B447C.6080204%40dalibo.com
www.securityfocus.com/bid/52761
bugzilla.redhat.com/show_bug.cgi?id=808439
exchange.xforce.ibmcloud.com/vulnerabilities/74440
github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00
github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0