CVE-2005-0543

2005-02-2405:00:00

CWE-79

mitre

web.nvd.nist.gov

phpmyadmin

xss

vulnerability

web script

remote injection

security

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.005

Percentile

76.8%

JSON

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch2.6.0_pl2

phpmyadminphpmyadminMatch2.6.0_pl3

phpmyadminphpmyadminMatch2.6.1

phpmyadminphpmyadminMatch2.6.1_rc1

VendorProductVersionCPE
phpmyadminphpmyadmin2.6.0_pl2cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl2:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.6.0_pl3cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl3:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.6.1cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.6.1_rc1cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_rc1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	2.6.0_pl2	cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl2:::::::*
phpmyadmin	phpmyadmin	2.6.0_pl3	cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.0_pl3:::::::*
phpmyadmin	phpmyadmin	2.6.1	cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1:::::::*
phpmyadmin	phpmyadmin	2.6.1_rc1	cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.1_rc1:::::::*