CVE-2009-1150

EPSS 0.75%
Published 26.03.2009 14:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Phpmyadmin ≫ Phpmyadmin Version2.11.0

Phpmyadmin ≫ Phpmyadmin Version2.11.0 Updatebeta1

Phpmyadmin ≫ Phpmyadmin Version2.11.0 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version2.11.1

Phpmyadmin ≫ Phpmyadmin Version2.11.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version2.11.1.0

Phpmyadmin ≫ Phpmyadmin Version2.11.1.1

Phpmyadmin ≫ Phpmyadmin Version2.11.1.2

Phpmyadmin ≫ Phpmyadmin Version2.11.2

Phpmyadmin ≫ Phpmyadmin Version2.11.2.0

Phpmyadmin ≫ Phpmyadmin Version2.11.2.1

Phpmyadmin ≫ Phpmyadmin Version2.11.2.2

Phpmyadmin ≫ Phpmyadmin Version2.11.3

Phpmyadmin ≫ Phpmyadmin Version2.11.3 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version2.11.3.0

Phpmyadmin ≫ Phpmyadmin Version2.11.4

Phpmyadmin ≫ Phpmyadmin Version2.11.4 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version2.11.5

Phpmyadmin ≫ Phpmyadmin Version2.11.5 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version2.11.5.0

Phpmyadmin ≫ Phpmyadmin Version2.11.5.1

Phpmyadmin ≫ Phpmyadmin Version2.11.5.2

Phpmyadmin ≫ Phpmyadmin Version2.11.6

Phpmyadmin ≫ Phpmyadmin Version2.11.6 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version2.11.6.0

Phpmyadmin ≫ Phpmyadmin Version2.11.7

Phpmyadmin ≫ Phpmyadmin Version2.11.7.0

Phpmyadmin ≫ Phpmyadmin Version2.11.8

Phpmyadmin ≫ Phpmyadmin Version2.11.9

Phpmyadmin ≫ Phpmyadmin Version2.11.9.0

Phpmyadmin ≫ Phpmyadmin Version2.11.9.1

Phpmyadmin ≫ Phpmyadmin Version2.11.9.2

Phpmyadmin ≫ Phpmyadmin Version2.11.9.3

Phpmyadmin ≫ Phpmyadmin Version2.11.9.4

Phpmyadmin ≫ Phpmyadmin Version3.1.0

Phpmyadmin ≫ Phpmyadmin Version3.1.1

Phpmyadmin ≫ Phpmyadmin Version3.1.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.2

Phpmyadmin ≫ Phpmyadmin Version3.1.2 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.3

Phpmyadmin ≫ Phpmyadmin Version3.1.3 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.75%	0.721

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

http://secunia.com/advisories/34642

Vendor Advisory

http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/trunk/phpMyAdmin/libraries/display_export.lib.php?r1=11986&r2=12302&pathrev=12302

http://secunia.com/advisories/34430

Vendor Advisory

http://secunia.com/advisories/35585

Vendor Advisory

http://secunia.com/advisories/35635

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200906-03.xml

http://www.debian.org/security/2009/dsa-1824