4.3

CVE-2008-4326

Exploit

The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmyadminPhpmyadmin Version <= 2.11.9.1
PhpmyadminPhpmyadmin Version2.0.0
PhpmyadminPhpmyadmin Version2.0.1
PhpmyadminPhpmyadmin Version2.0.2
PhpmyadminPhpmyadmin Version2.0.3
PhpmyadminPhpmyadmin Version2.0.4
PhpmyadminPhpmyadmin Version2.0.5
PhpmyadminPhpmyadmin Version2.1.0
PhpmyadminPhpmyadmin Version2.1.1
PhpmyadminPhpmyadmin Version2.1.2
PhpmyadminPhpmyadmin Version2.2.0
PhpmyadminPhpmyadmin Version2.2.0_pre1
PhpmyadminPhpmyadmin Version2.2.0_pre2
PhpmyadminPhpmyadmin Version2.2.0_rc1
PhpmyadminPhpmyadmin Version2.2.0_rc2
PhpmyadminPhpmyadmin Version2.2.0_rc3
PhpmyadminPhpmyadmin Version2.2.2
PhpmyadminPhpmyadmin Version2.2.3
PhpmyadminPhpmyadmin Version2.2.4
PhpmyadminPhpmyadmin Version2.2.5
PhpmyadminPhpmyadmin Version2.2.6
PhpmyadminPhpmyadmin Version2.2.7_pl1
PhpmyadminPhpmyadmin Version2.2_pre1
PhpmyadminPhpmyadmin Version2.2_pre2
PhpmyadminPhpmyadmin Version2.2_rc1
PhpmyadminPhpmyadmin Version2.2_rc2
PhpmyadminPhpmyadmin Version2.2_rc3
PhpmyadminPhpmyadmin Version2.3.1
PhpmyadminPhpmyadmin Version2.3.2
PhpmyadminPhpmyadmin Version2.4.0
PhpmyadminPhpmyadmin Version2.5.0
PhpmyadminPhpmyadmin Version2.5.1
PhpmyadminPhpmyadmin Version2.5.2
PhpmyadminPhpmyadmin Version2.5.2_pl1
PhpmyadminPhpmyadmin Version2.5.3
PhpmyadminPhpmyadmin Version2.5.4
PhpmyadminPhpmyadmin Version2.5.5
PhpmyadminPhpmyadmin Version2.5.5_pl1
PhpmyadminPhpmyadmin Version2.5.5_rc1
PhpmyadminPhpmyadmin Version2.5.5_rc2
PhpmyadminPhpmyadmin Version2.5.6_rc1
PhpmyadminPhpmyadmin Version2.5.6_rc2
PhpmyadminPhpmyadmin Version2.5.7
PhpmyadminPhpmyadmin Version2.5.7_pl1
PhpmyadminPhpmyadmin Version2.6.0_pl1
PhpmyadminPhpmyadmin Version2.6.0_pl2
PhpmyadminPhpmyadmin Version2.6.0_pl3
PhpmyadminPhpmyadmin Version2.6.1
PhpmyadminPhpmyadmin Version2.6.1_pl1
PhpmyadminPhpmyadmin Version2.6.1_pl3
PhpmyadminPhpmyadmin Version2.6.1_rc1
PhpmyadminPhpmyadmin Version2.6.2
PhpmyadminPhpmyadmin Version2.6.2_dev
PhpmyadminPhpmyadmin Version2.6.2_pl1
PhpmyadminPhpmyadmin Version2.6.2_rc1
PhpmyadminPhpmyadmin Version2.6.3
PhpmyadminPhpmyadmin Version2.6.3_pl1
PhpmyadminPhpmyadmin Version2.6.4
PhpmyadminPhpmyadmin Version2.6.4_pl1
PhpmyadminPhpmyadmin Version2.6.4_pl2
PhpmyadminPhpmyadmin Version2.6.4_pl3
PhpmyadminPhpmyadmin Version2.6.4_pl4
PhpmyadminPhpmyadmin Version2.6.4_rc1
PhpmyadminPhpmyadmin Version2.7.0
PhpmyadminPhpmyadmin Version2.7.0_beta1
PhpmyadminPhpmyadmin Version2.7.0_pl1
PhpmyadminPhpmyadmin Version2.7.0_pl2
PhpmyadminPhpmyadmin Version2.7.0_rc1
PhpmyadminPhpmyadmin Version2.7_pl1
PhpmyadminPhpmyadmin Version2.8.0
PhpmyadminPhpmyadmin Version2.8.0.1
PhpmyadminPhpmyadmin Version2.8.0.2
PhpmyadminPhpmyadmin Version2.8.0.3
PhpmyadminPhpmyadmin Version2.8.1
PhpmyadminPhpmyadmin Version2.8.1_dev
PhpmyadminPhpmyadmin Version2.8.2
PhpmyadminPhpmyadmin Version2.8.3
PhpmyadminPhpmyadmin Version2.8.4
PhpmyadminPhpmyadmin Version2.9.0
PhpmyadminPhpmyadmin Version2.9.0.1
PhpmyadminPhpmyadmin Version2.9.0.2
PhpmyadminPhpmyadmin Version2.9.0.3
PhpmyadminPhpmyadmin Version2.9.0_beta1
PhpmyadminPhpmyadmin Version2.9.0_dev
PhpmyadminPhpmyadmin Version2.9.0_rc1
PhpmyadminPhpmyadmin Version2.9.1
PhpmyadminPhpmyadmin Version2.9.1.1
PhpmyadminPhpmyadmin Version2.9.1_rc1
PhpmyadminPhpmyadmin Version2.9.1_rc2
PhpmyadminPhpmyadmin Version2.9.2
PhpmyadminPhpmyadmin Version2.9_rc1
PhpmyadminPhpmyadmin Version2.10.0
PhpmyadminPhpmyadmin Version2.10.0.0
PhpmyadminPhpmyadmin Version2.10.0.1
PhpmyadminPhpmyadmin Version2.10.0.2
PhpmyadminPhpmyadmin Version2.10.1
PhpmyadminPhpmyadmin Version2.10.01
PhpmyadminPhpmyadmin Version2.10.1.0
PhpmyadminPhpmyadmin Version2.10.2
PhpmyadminPhpmyadmin Version2.10.2.0
PhpmyadminPhpmyadmin Version2.10.3
PhpmyadminPhpmyadmin Version2.10.3.0
PhpmyadminPhpmyadmin Version2.10.3rc1
PhpmyadminPhpmyadmin Version2.11.0
PhpmyadminPhpmyadmin Version2.11.0.0
PhpmyadminPhpmyadmin Version2.11.0beta1
PhpmyadminPhpmyadmin Version2.11.0rc1
PhpmyadminPhpmyadmin Version2.11.1
PhpmyadminPhpmyadmin Version2.11.1.0
PhpmyadminPhpmyadmin Version2.11.1.1
PhpmyadminPhpmyadmin Version2.11.1.2
PhpmyadminPhpmyadmin Version2.11.1rc1
PhpmyadminPhpmyadmin Version2.11.2
PhpmyadminPhpmyadmin Version2.11.2.0
PhpmyadminPhpmyadmin Version2.11.2.1
PhpmyadminPhpmyadmin Version2.11.2.2
PhpmyadminPhpmyadmin Version2.11.3
PhpmyadminPhpmyadmin Version2.11.3.0
PhpmyadminPhpmyadmin Version2.11.3rc1
PhpmyadminPhpmyadmin Version2.11.4
PhpmyadminPhpmyadmin Version2.11.4.0
PhpmyadminPhpmyadmin Version2.11.4rc1
PhpmyadminPhpmyadmin Version2.11.5
PhpmyadminPhpmyadmin Version2.11.5.0
PhpmyadminPhpmyadmin Version2.11.5.1
PhpmyadminPhpmyadmin Version2.11.5.2
PhpmyadminPhpmyadmin Version2.11.5rc1
PhpmyadminPhpmyadmin Version2.11.6
PhpmyadminPhpmyadmin Version2.11.6rc1
PhpmyadminPhpmyadmin Version2.11.7
PhpmyadminPhpmyadmin Version2.11.7.0
PhpmyadminPhpmyadmin Version2.11.8
PhpmyadminPhpmyadmin Version2.11.9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.613
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.