CVE-2008-4326

2008-09-3016:13:50

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.004

Percentile

74.3%

JSON

The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a “</script” sequence.

OSVersionArchitecturePackageVersionFilename
Debian12allphpmyadmin< 4:2.11.8.1-3phpmyadmin_4:2.11.8.1-3_all.deb
Debian11allphpmyadmin< 4:2.11.8.1-3phpmyadmin_4:2.11.8.1-3_all.deb
Debian999allphpmyadmin< 4:2.11.8.1-3phpmyadmin_4:2.11.8.1-3_all.deb
Debian13allphpmyadmin< 4:2.11.8.1-3phpmyadmin_4:2.11.8.1-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	phpmyadmin	< 4:2.11.8.1-3	phpmyadmin_4:2.11.8.1-3_all.deb
Debian	11	all	phpmyadmin	< 4:2.11.8.1-3	phpmyadmin_4:2.11.8.1-3_all.deb
Debian	999	all	phpmyadmin	< 4:2.11.8.1-3	phpmyadmin_4:2.11.8.1-3_all.deb
Debian	13	all	phpmyadmin	< 4:2.11.8.1-3	phpmyadmin_4:2.11.8.1-3_all.deb