CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
Percentile
37.4%
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x
before 3.5.2.2 allow remote authenticated users to inject arbitrary web
script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a
crafted table name, (3) the Add Trigger popup within a Triggers page that
references crafted table names, (4) an invalid trigger-creation attempt for
a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip
label name during GIS data visualization, a different issue than
CVE-2012-4345.
Author | Note |
---|---|
sbeattie | only issues #1 and #2 affect 3.4.x |