Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
phpmyadminPhpMyAdminPHPMYADMIN:PMASA-2008-8
HistorySep 23, 2008 - 12:00 a.m.

XSS for Microsoft Internet Explorer on several places

2008-09-2300:00:00
www.phpmyadmin.net
12

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.0%

JSON

PMASA-2008-8

Announcement-ID: PMASA-2008-8

Date: 2008-09-23

Updated: 2008-10-01

Summary

XSS for Microsoft Internet Explorer on several places

Description

We received an advisory from Masako Oono of NetAgent Co.,Ltd. via JPCERT/CC Vulnerability Handling Team and we wish to thank them for their work. A logged-in user (when using Microsoft Internet Explorer) can be subject of cross site scripting attack using several variables. This issue does not affect other browsers (tested with Mozilla Firefox, Google Chrome, Konqueror and Apple Safari).

Severity

We consider this vulnerability to be serious.

Affected Versions

Versions before 2.11.9.2.

Solution

Upgrade to phpMyAdmin 2.11.9.2 or newer.

References

Advisory: http://jvn.jp/en/jp/JVN54824688

Assigned CVE ids: CVE-2008-4326

CWE ids: CWE-661 CWE-79

Patches

The following commits have been made to fix this issue:

The following commits have been made on the 2.11 branch to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CPENameOperatorVersion
phpmyadminle2.11.9.2.

Related

ubuntucve 1
openvas 7
cve 1
redhatcve 1
debiancve 1
nessus 3
jvn 1
debian 1
prion 1
ubuntucve
ubuntucve
CVE-2008-4326
2008-09-30 00:00:00
openvas
openvas
FreeBSD Ports: phpMyAdmin
2008-09-24 00:00:00
Debian Security Advisory DSA 1675-1 (phpmyadmin)
2008-12-03 00:00:00
Debian: Security Advisory (DSA-1675-1)
2008-12-03 00:00:00
cve
cve
CVE-2008-4326
2008-09-30 16:13:00
redhatcve
redhatcve
CVE-2008-4326
2019-10-04 20:33:32
debiancve
debiancve
CVE-2008-4326
2008-09-30 16:13:00
nessus
nessus
Debian DSA-1675-1 : phpmyadmin - insufficient input sanitising
2008-12-03 00:00:00
openSUSE Security Update : phpMyAdmin (phpMyAdmin-442)
2009-07-21 00:00:00
openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-5935)
2009-01-22 00:00:00
jvn
jvn
JVN#54824688 phpMyAdmin cross-site scripting vulnerability
2008-09-26 00:00:00
debian
debian
[SECURITY] [DSA 1675-1] New phpmyadmin packages fix cross site scripting
2008-11-30 12:53:28
prion
prion
Cross site scripting
2008-09-30 16:13:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.0%

JSON
Related for PHPMYADMIN:PMASA-2008-8
ubuntucve1openvas7cve1redhatcve1debiancve1nessus3jvn1debian1prion1