Lucene search

[email protected]NVD:CVE-2005-3665

HistoryDec 08, 2005 - 11:03 a.m.

CVE-2005-3665

2005-12-0811:03:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.

Affected configurations

Nvd

Node

phpmyadminphpmyadminMatch2.0

phpmyadminphpmyadminMatch2.0.1

phpmyadminphpmyadminMatch2.0.2

phpmyadminphpmyadminMatch2.0.3

phpmyadminphpmyadminMatch2.0.4

phpmyadminphpmyadminMatch2.0.5

phpmyadminphpmyadminMatch2.1

phpmyadminphpmyadminMatch2.1.1

phpmyadminphpmyadminMatch2.1.2

phpmyadminphpmyadminMatch2.2

phpmyadminphpmyadminMatch2.2.2

phpmyadminphpmyadminMatch2.2.3

phpmyadminphpmyadminMatch2.2.4

phpmyadminphpmyadminMatch2.2.5

phpmyadminphpmyadminMatch2.2.6

phpmyadminphpmyadminMatch2.2_pre1

phpmyadminphpmyadminMatch2.2_pre2

phpmyadminphpmyadminMatch2.2_rc1

phpmyadminphpmyadminMatch2.2_rc2

phpmyadminphpmyadminMatch2.2_rc3

phpmyadminphpmyadminMatch2.3.1

phpmyadminphpmyadminMatch2.3.2

phpmyadminphpmyadminMatch2.4.0

phpmyadminphpmyadminMatch2.5.0

phpmyadminphpmyadminMatch2.5.1

phpmyadminphpmyadminMatch2.5.2

phpmyadminphpmyadminMatch2.5.3

phpmyadminphpmyadminMatch2.5.4

phpmyadminphpmyadminMatch2.5.5

phpmyadminphpmyadminMatch2.5.5_pl1

phpmyadminphpmyadminMatch2.5.5_rc1

phpmyadminphpmyadminMatch2.5.5_rc2

phpmyadminphpmyadminMatch2.5.6_rc1

phpmyadminphpmyadminMatch2.5.7

phpmyadminphpmyadminMatch2.5.7_pl1

phpmyadminphpmyadminMatch2.6.0_pl1

phpmyadminphpmyadminMatch2.6.0_pl2

phpmyadminphpmyadminMatch2.6.0_pl3

phpmyadminphpmyadminMatch2.6.1

phpmyadminphpmyadminMatch2.6.1_pl1

phpmyadminphpmyadminMatch2.6.1_pl3

phpmyadminphpmyadminMatch2.6.1_rc1

phpmyadminphpmyadminMatch2.6.2

phpmyadminphpmyadminMatch2.6.2_rc1

phpmyadminphpmyadminMatch2.6.3_pl1

phpmyadminphpmyadminMatch2.6.4_pl1

phpmyadminphpmyadminMatch2.6.4_pl3

phpmyadminphpmyadminMatch2.6.4_rc1

phpmyadminphpmyadminMatch2.7.0_beta1

References

secunia.com/advisories/17895

secunia.com/advisories/17957

secunia.com/advisories/18618

secunia.com/advisories/22781

www.debian.org/security/2006/dsa-1207

www.gentoo.org/security/en/glsa/glsa-200512-03.xml

www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-8

www.securityfocus.com/archive/1/423142/100/0/threaded

www.securityfocus.com/bid/15735

www.vupen.com/english/advisories/2005/2772

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON

Related for NVD:CVE-2005-3665

cvelist1 nessus4 openvas8 ubuntucve1 phpmyadmin1 cve2 debiancve1 freebsd1 nvd1 gentoo1 debian2 osv1 suse1