CVE-2010-4329

EPSS 0.61%
Veröffentlicht 02.12.2010 16:22:21
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpmyadmin ≫ Phpmyadmin Version2.11.0

Phpmyadmin ≫ Phpmyadmin Version2.11.1.0

Phpmyadmin ≫ Phpmyadmin Version2.11.1.1

Phpmyadmin ≫ Phpmyadmin Version2.11.1.2

Phpmyadmin ≫ Phpmyadmin Version2.11.2.0

Phpmyadmin ≫ Phpmyadmin Version2.11.2.1

Phpmyadmin ≫ Phpmyadmin Version2.11.2.2

Phpmyadmin ≫ Phpmyadmin Version2.11.3.0

Phpmyadmin ≫ Phpmyadmin Version2.11.4.0

Phpmyadmin ≫ Phpmyadmin Version2.11.5.0

Phpmyadmin ≫ Phpmyadmin Version2.11.5.1

Phpmyadmin ≫ Phpmyadmin Version2.11.5.2

Phpmyadmin ≫ Phpmyadmin Version2.11.6.0

Phpmyadmin ≫ Phpmyadmin Version2.11.7.0

Phpmyadmin ≫ Phpmyadmin Version2.11.7.1

Phpmyadmin ≫ Phpmyadmin Version2.11.8.0

Phpmyadmin ≫ Phpmyadmin Version2.11.9.0

Phpmyadmin ≫ Phpmyadmin Version2.11.9.1

Phpmyadmin ≫ Phpmyadmin Version2.11.9.2

Phpmyadmin ≫ Phpmyadmin Version2.11.9.3

Phpmyadmin ≫ Phpmyadmin Version2.11.9.4

Phpmyadmin ≫ Phpmyadmin Version2.11.9.5

Phpmyadmin ≫ Phpmyadmin Version2.11.9.6

Phpmyadmin ≫ Phpmyadmin Version2.11.10.0

Phpmyadmin ≫ Phpmyadmin Version2.11.10.1

Phpmyadmin ≫ Phpmyadmin Version2.11.11

Phpmyadmin ≫ Phpmyadmin Version3.0.0

Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updatealpha

Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updatebeta

Phpmyadmin ≫ Phpmyadmin Version3.0.0 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.0.1

Phpmyadmin ≫ Phpmyadmin Version3.0.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.0.1.1

Phpmyadmin ≫ Phpmyadmin Version3.1.0

Phpmyadmin ≫ Phpmyadmin Version3.1.0 Updatebeta1

Phpmyadmin ≫ Phpmyadmin Version3.1.1

Phpmyadmin ≫ Phpmyadmin Version3.1.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.2

Phpmyadmin ≫ Phpmyadmin Version3.1.2 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.3

Phpmyadmin ≫ Phpmyadmin Version3.1.3 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.1.3.1

Phpmyadmin ≫ Phpmyadmin Version3.1.3.2

Phpmyadmin ≫ Phpmyadmin Version3.1.4

Phpmyadmin ≫ Phpmyadmin Version3.1.4 Updaterc2

Phpmyadmin ≫ Phpmyadmin Version3.1.5

Phpmyadmin ≫ Phpmyadmin Version3.1.5 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.2.0

Phpmyadmin ≫ Phpmyadmin Version3.2.0 Updatebeta1

Phpmyadmin ≫ Phpmyadmin Version3.2.0 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.2.1

Phpmyadmin ≫ Phpmyadmin Version3.2.1 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.2.2

Phpmyadmin ≫ Phpmyadmin Version3.2.2 Updaterc1

Phpmyadmin ≫ Phpmyadmin Version3.3.0.0

Phpmyadmin ≫ Phpmyadmin Version3.3.1.0

Phpmyadmin ≫ Phpmyadmin Version3.3.2.0

Phpmyadmin ≫ Phpmyadmin Version3.3.3.0

Phpmyadmin ≫ Phpmyadmin Version3.3.4.0

Phpmyadmin ≫ Phpmyadmin Version3.3.5.0

Phpmyadmin ≫ Phpmyadmin Version3.3.5.1

Phpmyadmin ≫ Phpmyadmin Version3.3.6

Phpmyadmin ≫ Phpmyadmin Version3.3.7

Phpmyadmin ≫ Phpmyadmin Version3.3.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.61%	0.672

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051942.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051956.html

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=4341818d73d454451f024950a4ce0141608ac7f8

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=e1f4901ffc400b6d2df15eac0ba5015fe48a27c4

http://secunia.com/advisories/42408

Vendor Advisory

http://secunia.com/advisories/42477

http://secunia.com/advisories/42725

http://www.debian.org/security/2010/dsa-2139

http://www.mandriva.com/security/advisories?name=MDVSA-2010:244

http://www.osvdb.org/69516

http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php