Lucene search

GitHub Advisory DatabaseGHSA-GCVP-CWGW-WX8J

HistoryMay 17, 2022 - 2:37 a.m.

phpMyAdmin XSS Vulnerability

2022-05-1702:37:29

CWE-79

GitHub Advisory Database

github.com

cross-site scripting

phpmyadmin 4.6.x

remote attackers

arbitrary web script

html

comment

software

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

55.7%

JSON

Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.

Affected configurations

Vulners

Node

phpmyadminphpmyadminRange<4.6.3

References

github.com/advisories/GHSA-gcvp-cwgw-wx8j

github.com/phpmyadmin/phpmyadmin/commit/72213573182896bd6a6e5af5ba1881dd87c4a20b

nvd.nist.gov/vuln/detail/CVE-2016-5704

security.gentoo.org/glsa/201701-32

www.phpmyadmin.net/security/PMASA-2016-20/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

55.7%

JSON

Related for GHSA-GCVP-CWGW-WX8J