CVE-2005-3301

2005-10-2410:02:00

mitre

web.nvd.nist.gov

cve-2005-3301

cross-site scripting

xss

phpmyadmin

security vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.008

Percentile

81.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch2.6.4

phpmyadminphpmyadminMatch2.6.4_pl1

phpmyadminphpmyadminMatch2.6.4_pl2

phpmyadminphpmyadminMatch2.6.4_rc1

VendorProductVersionCPE
phpmyadminphpmyadmin2.6.4cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.6.4_pl1cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl1:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.6.4_pl2cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl2:*:*:*:*:*:*:*
phpmyadminphpmyadmin2.6.4_rc1cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_rc1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	2.6.4	cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4:::::::*
phpmyadmin	phpmyadmin	2.6.4_pl1	cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl1:::::::*
phpmyadmin	phpmyadmin	2.6.4_pl2	cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_pl2:::::::*
phpmyadmin	phpmyadmin	2.6.4_rc1	cpe:2.3:a:phpmyadmin:phpmyadmin:2.6.4_rc1:::::::*