FreeBSD DB1D3340-E83B-11E1-999B-E0CB4E266481
Aug 12, 2012 - 12:00 a.m.

phpMyAdmin -- Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages

2012-08-12 00:00:00
vuxml.freebsd.org

CVSS2: 3.5
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS: 0.001
Percentile: 36.9%

The phpMyAdmin development team reports:

Using a crafted table name, it was possible to produce an XSS:

1) On the Database Structure page, creating a new table with a crafted name
2) On the Database Structure page, using the Empty and Drop links of the crafted table name
3) On the Table Operations page of a crafted table, using the ‘Empty the table (TRUNCATE)’ and ‘Delete the table (DROP)’ links
4) On the Triggers page of a database containing tables with a crafted name, when opening the ‘Add Trigger’ popup
5) When creating a trigger for a table with a crafted name, with an invalid definition.

Having crafted data in a database table, it was possible to produce an XSS:

6) When visualizing GIS data, having a crafted label name.

OS | Version | Architecture | Package | Version | Filename
FreeBSD | any | noarch | phpmyadmin | < 3.5.2.2 | UNKNOWN
