Lucene search
HistorySep 30, 2008 - 4:13 p.m.
CVE-2008-4326
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.004
Percentile
74.3%
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a “</script” sequence.
Affected configurations
Node
phpmyadminphpmyadminRange≤2.11.9.1
ORphpmyadminphpmyadminMatch2.0
ORphpmyadminphpmyadminMatch2.0.0
ORphpmyadminphpmyadminMatch2.0.1
ORphpmyadminphpmyadminMatch2.0.2
ORphpmyadminphpmyadminMatch2.0.3
ORphpmyadminphpmyadminMatch2.0.4
ORphpmyadminphpmyadminMatch2.0.5
ORphpmyadminphpmyadminMatch2.1
ORphpmyadminphpmyadminMatch2.1.0
ORphpmyadminphpmyadminMatch2.1.1
ORphpmyadminphpmyadminMatch2.1.2
ORphpmyadminphpmyadminMatch2.2
ORphpmyadminphpmyadminMatch2.2.0
ORphpmyadminphpmyadminMatch2.2.0_pre1
ORphpmyadminphpmyadminMatch2.2.0_pre2
ORphpmyadminphpmyadminMatch2.2.0_rc1
ORphpmyadminphpmyadminMatch2.2.0_rc2
ORphpmyadminphpmyadminMatch2.2.0_rc3
ORphpmyadminphpmyadminMatch2.2.2
ORphpmyadminphpmyadminMatch2.2.3
ORphpmyadminphpmyadminMatch2.2.4
ORphpmyadminphpmyadminMatch2.2.5
ORphpmyadminphpmyadminMatch2.2.6
ORphpmyadminphpmyadminMatch2.2.7_pl1
ORphpmyadminphpmyadminMatch2.2_pre1
ORphpmyadminphpmyadminMatch2.2_pre2
ORphpmyadminphpmyadminMatch2.2_rc1
ORphpmyadminphpmyadminMatch2.2_rc2
ORphpmyadminphpmyadminMatch2.2_rc3
ORphpmyadminphpmyadminMatch2.3.1
ORphpmyadminphpmyadminMatch2.3.2
ORphpmyadminphpmyadminMatch2.4.0
ORphpmyadminphpmyadminMatch2.5.0
ORphpmyadminphpmyadminMatch2.5.1
ORphpmyadminphpmyadminMatch2.5.2
ORphpmyadminphpmyadminMatch2.5.2_pl1
ORphpmyadminphpmyadminMatch2.5.3
ORphpmyadminphpmyadminMatch2.5.4
ORphpmyadminphpmyadminMatch2.5.5
ORphpmyadminphpmyadminMatch2.5.5_pl1
ORphpmyadminphpmyadminMatch2.5.5_rc1
ORphpmyadminphpmyadminMatch2.5.5_rc2
ORphpmyadminphpmyadminMatch2.5.6_rc1
ORphpmyadminphpmyadminMatch2.5.6_rc2
ORphpmyadminphpmyadminMatch2.5.7
ORphpmyadminphpmyadminMatch2.5.7_pl1
ORphpmyadminphpmyadminMatch2.6.0_pl1
ORphpmyadminphpmyadminMatch2.6.0_pl2
ORphpmyadminphpmyadminMatch2.6.0_pl3
ORphpmyadminphpmyadminMatch2.6.1
ORphpmyadminphpmyadminMatch2.6.1_pl1
ORphpmyadminphpmyadminMatch2.6.1_pl3
ORphpmyadminphpmyadminMatch2.6.1_rc1
ORphpmyadminphpmyadminMatch2.6.2
ORphpmyadminphpmyadminMatch2.6.2_dev
ORphpmyadminphpmyadminMatch2.6.2_pl1
ORphpmyadminphpmyadminMatch2.6.2_rc1
ORphpmyadminphpmyadminMatch2.6.3
ORphpmyadminphpmyadminMatch2.6.3_pl1
ORphpmyadminphpmyadminMatch2.6.4
ORphpmyadminphpmyadminMatch2.6.4_pl1
ORphpmyadminphpmyadminMatch2.6.4_pl2
ORphpmyadminphpmyadminMatch2.6.4_pl3
ORphpmyadminphpmyadminMatch2.6.4_pl4
ORphpmyadminphpmyadminMatch2.6.4_rc1
ORphpmyadminphpmyadminMatch2.7
ORphpmyadminphpmyadminMatch2.7.0
ORphpmyadminphpmyadminMatch2.7.0_beta1
ORphpmyadminphpmyadminMatch2.7.0_pl1
ORphpmyadminphpmyadminMatch2.7.0_pl2
ORphpmyadminphpmyadminMatch2.7.0_rc1
ORphpmyadminphpmyadminMatch2.7_pl1
ORphpmyadminphpmyadminMatch2.8.0
ORphpmyadminphpmyadminMatch2.8.0.1
ORphpmyadminphpmyadminMatch2.8.0.2
ORphpmyadminphpmyadminMatch2.8.0.3
ORphpmyadminphpmyadminMatch2.8.1
ORphpmyadminphpmyadminMatch2.8.1_dev
ORphpmyadminphpmyadminMatch2.8.2
ORphpmyadminphpmyadminMatch2.8.3
ORphpmyadminphpmyadminMatch2.8.4
ORphpmyadminphpmyadminMatch2.9
ORphpmyadminphpmyadminMatch2.9.0
ORphpmyadminphpmyadminMatch2.9.0.1
ORphpmyadminphpmyadminMatch2.9.0.2
ORphpmyadminphpmyadminMatch2.9.0.3
ORphpmyadminphpmyadminMatch2.9.0_beta1
ORphpmyadminphpmyadminMatch2.9.0_dev
ORphpmyadminphpmyadminMatch2.9.0_rc1
ORphpmyadminphpmyadminMatch2.9.1
ORphpmyadminphpmyadminMatch2.9.1.1
ORphpmyadminphpmyadminMatch2.9.1_rc1
ORphpmyadminphpmyadminMatch2.9.1_rc2
ORphpmyadminphpmyadminMatch2.9.2
ORphpmyadminphpmyadminMatch2.9_rc1
ORphpmyadminphpmyadminMatch2.10.0
ORphpmyadminphpmyadminMatch2.10.0.0
ORphpmyadminphpmyadminMatch2.10.0.1
ORphpmyadminphpmyadminMatch2.10.0.2
ORphpmyadminphpmyadminMatch2.10.1
ORphpmyadminphpmyadminMatch2.10.01
ORphpmyadminphpmyadminMatch2.10.1.0
ORphpmyadminphpmyadminMatch2.10.2
ORphpmyadminphpmyadminMatch2.10.2.0
ORphpmyadminphpmyadminMatch2.10.3
ORphpmyadminphpmyadminMatch2.10.3.0
ORphpmyadminphpmyadminMatch2.10.3rc1
ORphpmyadminphpmyadminMatch2.11.0
ORphpmyadminphpmyadminMatch2.11.0.0
ORphpmyadminphpmyadminMatch2.11.0beta1
ORphpmyadminphpmyadminMatch2.11.0rc1
ORphpmyadminphpmyadminMatch2.11.1
ORphpmyadminphpmyadminMatch2.11.1.0
ORphpmyadminphpmyadminMatch2.11.1.1
ORphpmyadminphpmyadminMatch2.11.1.2
ORphpmyadminphpmyadminMatch2.11.1rc1
ORphpmyadminphpmyadminMatch2.11.2
ORphpmyadminphpmyadminMatch2.11.2.0
ORphpmyadminphpmyadminMatch2.11.2.1
ORphpmyadminphpmyadminMatch2.11.2.2
ORphpmyadminphpmyadminMatch2.11.3
ORphpmyadminphpmyadminMatch2.11.3.0
ORphpmyadminphpmyadminMatch2.11.3rc1
ORphpmyadminphpmyadminMatch2.11.4
ORphpmyadminphpmyadminMatch2.11.4.0
ORphpmyadminphpmyadminMatch2.11.4rc1
ORphpmyadminphpmyadminMatch2.11.5
ORphpmyadminphpmyadminMatch2.11.5.0
ORphpmyadminphpmyadminMatch2.11.5.1
ORphpmyadminphpmyadminMatch2.11.5.2
ORphpmyadminphpmyadminMatch2.11.5rc1
ORphpmyadminphpmyadminMatch2.11.6
ORphpmyadminphpmyadminMatch2.11.6rc1
ORphpmyadminphpmyadminMatch2.11.7
ORphpmyadminphpmyadminMatch2.11.7.0
ORphpmyadminphpmyadminMatch2.11.8
ORphpmyadminphpmyadminMatch2.11.9
microsoftinternet_explorer
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phpmyadmin | phpmyadmin | * | cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.0 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.0:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.0.0 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.0:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.0.1 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.1:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.0.2 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.2:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.0.3 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.3:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.0.4 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.4:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.0.5 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.0.5:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.1 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.1:*:*:*:*:*:*:* |
| phpmyadmin | phpmyadmin | 2.1.0 | cpe:2.3:a:phpmyadmin:phpmyadmin:2.1.0:*:*:*:*:*:*:* |
References
jvn.jp/en/jp/JVN54824688/index.html
jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000061.html
lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
osvdb.org/48511
phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_9/phpMyAdmin/libraries/js_escape.lib.php?r1=11514&r2=11603&pathrev=11603
phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/js_escape.lib.php?view=log&pathrev=11603
secunia.com/advisories/31974
secunia.com/advisories/31992
secunia.com/advisories/32954
secunia.com/advisories/33822
typo3.org/teams/security/security-bulletins/typo3-20080924-1/
www.debian.org/security/2008/dsa-1675
www.openwall.com/lists/oss-security/2008/09/22/2
www.phpmyadmin.net/home_page/downloads.php?relnotes=1
www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-8
www.vupen.com/english/advisories/2008/2657
Related
redhatcve
redhatcve
CVE-2008-4326
2019-10-04 20:33:32
debiancve
debiancve
CVE-2008-4326
2008-09-30 16:13:50
openvas
openvas
FreeBSD Ports: phpMyAdmin
2008-09-24 00:00:00
Debian Security Advisory DSA 1675-1 (phpmyadmin)
2008-12-03 00:00:00
FreeBSD Ports: phpMyAdmin
2008-09-24 00:00:00
cve
cve
CVE-2008-4326
2008-09-30 16:13:50
cvelist
cvelist
CVE-2008-4326
2008-09-30 16:00:00
nessus
nessus
Debian DSA-1675-1 : phpmyadmin - insufficient input sanitising
2008-12-03 00:00:00
openSUSE Security Update : phpMyAdmin (phpMyAdmin-442)
2009-07-21 00:00:00
openSUSE 10 Security Update : phpMyAdmin (phpMyAdmin-5935)
2009-01-22 00:00:00
jvn
jvn
JVN#54824688 phpMyAdmin cross-site scripting vulnerability
2008-09-26 00:00:00
debian
debian
[SECURITY] [DSA 1675-1] New phpmyadmin packages fix cross site scripting
2008-11-30 12:53:28
prion
prion
Cross site scripting
2008-09-30 16:13:00
phpmyadmin
phpmyadmin
XSS for Microsoft Internet Explorer on several places
2008-09-23 00:00:00
ubuntucve
ubuntucve
CVE-2008-4326
2008-09-30 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.004
Percentile
74.3%
Related for NVD:CVE-2008-4326