CVE-2004-1055

2005-03-0105:00:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.009

Percentile

83.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.

OSVersionArchitecturePackageVersionFilename
Debian12allphpmyadmin< 2:2.6.0-pl3-1phpmyadmin_2:2.6.0-pl3-1_all.deb
Debian11allphpmyadmin< 2:2.6.0-pl3-1phpmyadmin_2:2.6.0-pl3-1_all.deb
Debian999allphpmyadmin< 2:2.6.0-pl3-1phpmyadmin_2:2.6.0-pl3-1_all.deb
Debian13allphpmyadmin< 2:2.6.0-pl3-1phpmyadmin_2:2.6.0-pl3-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	phpmyadmin	< 2:2.6.0-pl3-1	phpmyadmin_2:2.6.0-pl3-1_all.deb
Debian	11	all	phpmyadmin	< 2:2.6.0-pl3-1	phpmyadmin_2:2.6.0-pl3-1_all.deb
Debian	999	all	phpmyadmin	< 2:2.6.0-pl3-1	phpmyadmin_2:2.6.0-pl3-1_all.deb
Debian	13	all	phpmyadmin	< 2:2.6.0-pl3-1	phpmyadmin_2:2.6.0-pl3-1_all.deb