Описание
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4:3.4.8-1 |
| hardy | not-affected | |
| lucid | not-affected | |
| maverick | not-affected | |
| natty | not-affected | 4:3.3.10-1 |
| oneiric | ignored | end of life |
| precise | not-affected | 4:3.4.8-1 |
| quantal | not-affected | 4:3.4.8-1 |
| raring | not-affected | 4:3.4.8-1 |
| upstream | not-affected | 4:3.4.9-1 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4. ...
EPSS
4.3 Medium
CVSS2