Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
phpmyadminPhpMyAdminPHPMYADMIN:PMASA-2012-1
HistoryFeb 18, 2012 - 12:00 a.m.

XSS in replication setup.

2012-02-1800:00:00
www.phpmyadmin.net
16

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.3%

JSON

PMASA-2012-1

Announcement-ID: PMASA-2012-1

Date: 2012-02-18

Summary

XSS in replication setup.

Description

It was possible to conduct XSS using a crafted database name.

Severity

We consider this vulnerability to be non critical.

Mitigation factor

The victim would have to willingly click on a database name which clearly shows a possible XSS.

Affected Versions

Versions 3.4.x are affected.

Solution

Upgrade to phpMyAdmin 3.4.10.1 or newer or apply patch listed below.

References

Thanks to Jakub Gałczyk (<http://hauntit.blogspot.com>) for reporting this issue.

Assigned CVE ids: CVE-2012-1190

CWE ids: CWE-661 CWE-79

Patches

The following commits have been made to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CPENameOperatorVersion
phpmyadminle3.4

Related

nessus 7
prion 1
seebug 1
cve 1
openvas 8
freebsd 1
ubuntucve 1
debiancve 1
fedora 3
securityvulns 2
nessus
nessus
phpMyAdmin Replication Setup js/replication.js Database Name XSS
2012-05-17 00:00:00
FreeBSD : phpMyAdmin -- XSS in replication setup (fdd1c316-5a3d-11e1-8d3e-e0cb4e266481)
2012-02-20 00:00:00
openSUSE Security Update : phpMyAdmin (openSUSE-2012-135)
2014-06-13 00:00:00
prion
prion
Cross site scripting
2012-05-03 04:08:00
seebug
seebug
phpMyAdmin 3.x 数据库名称跨站脚本执行漏洞
2012-05-03 00:00:00
cve
cve
CVE-2012-1190
2012-05-03 04:08:00
openvas
openvas
FreeBSD Ports: phpMyAdmin
2012-03-12 00:00:00
FreeBSD Ports: phpMyAdmin
2012-03-12 00:00:00
Fedora Update for phpMyAdmin FEDORA-2012-5624
2012-05-04 00:00:00
freebsd
freebsd
phpMyAdmin -- XSS in replication setup
2012-02-18 00:00:00
ubuntucve
ubuntucve
CVE-2012-1190
2012-05-03 00:00:00
debiancve
debiancve
CVE-2012-1190
2012-05-03 04:08:00
fedora
fedora
[SECURITY] Fedora 17 Update: phpMyAdmin-3.5.0-1.fc17
2012-05-02 04:49:15
[SECURITY] Fedora 15 Update: phpMyAdmin-3.5.0-1.fc15
2012-05-01 00:49:16
[SECURITY] Fedora 16 Update: phpMyAdmin-3.5.0-1.fc16
2012-05-01 00:55:48
securityvulns
securityvulns
[ MDVSA-2012:050 ] phpmyadmin
2012-04-09 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2012-04-09 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.3%

JSON
Related for PHPMYADMIN:PMASA-2012-1
nessus7prion1seebug1cve1openvas8freebsd1ubuntucve1debiancve1fedora3securityvulns2