CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
49.2%
The phpMyAdmin development team reports:
When creating/modifying a trigger, event or procedure
with a crafted name, it is possible to trigger an XSS.
To display information about the current phpMyAdmin
version on the main page, a piece of JavaScript is fetched
from the phpmyadmin.net website in non-SSL mode. A
man-in-the-middle could modify this script on the wire to
cause mischief.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | phpmyadmin | = 3.5 | UNKNOWN |
FreeBSD | any | noarch | phpmyadmin | < 3.5.3 | UNKNOWN |