Lucene search
HistoryJul 31, 2013 - 1:20 p.m.
CVE-2013-5002
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.1%
Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.
Affected configurations
Node
phpmyadminphpmyadminMatch3.5.0.0
ORphpmyadminphpmyadminMatch3.5.1.0
ORphpmyadminphpmyadminMatch3.5.2.0
ORphpmyadminphpmyadminMatch3.5.2.1
ORphpmyadminphpmyadminMatch3.5.2.2
ORphpmyadminphpmyadminMatch3.5.3.0
ORphpmyadminphpmyadminMatch3.5.4
ORphpmyadminphpmyadminMatch3.5.5
ORphpmyadminphpmyadminMatch3.5.6
ORphpmyadminphpmyadminMatch3.5.7
ORphpmyadminphpmyadminMatch3.5.7rc1
ORphpmyadminphpmyadminMatch3.5.8
ORphpmyadminphpmyadminMatch3.5.8rc1
ORphpmyadminphpmyadminMatch3.5.8.1
Node
phpmyadminphpmyadminMatch4.0.0
ORphpmyadminphpmyadminMatch4.0.0rc2
ORphpmyadminphpmyadminMatch4.0.0rc3
ORphpmyadminphpmyadminMatch4.0.1
ORphpmyadminphpmyadminMatch4.0.2
ORphpmyadminphpmyadminMatch4.0.3
ORphpmyadminphpmyadminMatch4.0.4
ORphpmyadminphpmyadminMatch4.0.4.1
Related
osv
osv
phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value
2022-05-17 03:12:55
phpmyadmin - security update
2014-07-09 00:00:00
prion
prion
Cross site scripting
2013-07-31 13:20:00
cve
cve
CVE-2013-5002
2013-07-31 13:20:08
github
github
phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value
2022-05-17 03:12:55
ubuntucve
ubuntucve
CVE-2013-5002
2013-07-31 00:00:00
debiancve
debiancve
CVE-2013-5002
2013-07-31 13:20:08
cvelist
cvelist
CVE-2013-5002
2013-07-30 18:00:00
phpmyadmin
phpmyadmin
Self-XSS due to unescaped HTML output in schema export.
2013-07-28 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2975-1)
2014-07-08 00:00:00
Debian Security Advisory DSA 2975-1 (phpmyadmin - security update)
2014-07-09 00:00:00
Mageia: Security Advisory (MGASA-2013-0238)
2022-01-28 00:00:00
debian
debian
[SECURITY] [DSA 2975-1] phpmyadmin security update
2014-07-09 18:45:33
nessus
nessus
Debian DSA-2975-1 : phpmyadmin - security update
2014-07-10 00:00:00
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:203)
2013-07-31 00:00:00
phpMyAdmin 3.5.x < 3.5.8.2 / 4.0.x < 4.0.4.2 Multiple Vulnerabilities
2013-08-08 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:203 ] phpmyadmin
2013-09-09 00:00:00
mageia
mageia
Updated phpmyadmin packages fix security vulnerabilities
2013-07-29 18:06:10
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2013-11-04 00:00:00
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.1%
Related for NVD:CVE-2013-5002