CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
94.3%
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through
2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks
by injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag, which bypasses
the protection against lowercase </script>.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 7.04 | noarch | phpmyadmin | < 4:2.9.1.1-2ubuntu1.1 | UNKNOWN |