2.6

CVE-2011-2642

Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmyadminPhpmyadmin Version <= 3.3.10.2
PhpmyadminPhpmyadmin Version2.11.0
PhpmyadminPhpmyadmin Version2.11.1.0
PhpmyadminPhpmyadmin Version2.11.1.1
PhpmyadminPhpmyadmin Version2.11.1.2
PhpmyadminPhpmyadmin Version2.11.2.0
PhpmyadminPhpmyadmin Version2.11.2.1
PhpmyadminPhpmyadmin Version2.11.2.2
PhpmyadminPhpmyadmin Version2.11.3.0
PhpmyadminPhpmyadmin Version2.11.4.0
PhpmyadminPhpmyadmin Version2.11.5.0
PhpmyadminPhpmyadmin Version2.11.5.1
PhpmyadminPhpmyadmin Version2.11.5.2
PhpmyadminPhpmyadmin Version2.11.6.0
PhpmyadminPhpmyadmin Version2.11.7.0
PhpmyadminPhpmyadmin Version2.11.7.1
PhpmyadminPhpmyadmin Version2.11.8.0
PhpmyadminPhpmyadmin Version2.11.9.0
PhpmyadminPhpmyadmin Version2.11.9.1
PhpmyadminPhpmyadmin Version2.11.9.2
PhpmyadminPhpmyadmin Version2.11.9.3
PhpmyadminPhpmyadmin Version2.11.9.4
PhpmyadminPhpmyadmin Version2.11.9.5
PhpmyadminPhpmyadmin Version2.11.9.6
PhpmyadminPhpmyadmin Version2.11.10.0
PhpmyadminPhpmyadmin Version2.11.10.1
PhpmyadminPhpmyadmin Version3.0.0
PhpmyadminPhpmyadmin Version3.0.0 Updatealpha
PhpmyadminPhpmyadmin Version3.0.0 Updatebeta
PhpmyadminPhpmyadmin Version3.0.0 Updaterc1
PhpmyadminPhpmyadmin Version3.0.1
PhpmyadminPhpmyadmin Version3.0.1 Updaterc1
PhpmyadminPhpmyadmin Version3.0.1.1
PhpmyadminPhpmyadmin Version3.1.0
PhpmyadminPhpmyadmin Version3.1.0 Updatebeta1
PhpmyadminPhpmyadmin Version3.1.1
PhpmyadminPhpmyadmin Version3.1.1 Updaterc1
PhpmyadminPhpmyadmin Version3.1.2
PhpmyadminPhpmyadmin Version3.1.2 Updaterc1
PhpmyadminPhpmyadmin Version3.1.3
PhpmyadminPhpmyadmin Version3.1.3 Updaterc1
PhpmyadminPhpmyadmin Version3.1.3.1
PhpmyadminPhpmyadmin Version3.1.3.2
PhpmyadminPhpmyadmin Version3.1.4
PhpmyadminPhpmyadmin Version3.1.4 Updaterc2
PhpmyadminPhpmyadmin Version3.1.5
PhpmyadminPhpmyadmin Version3.1.5 Updaterc1
PhpmyadminPhpmyadmin Version3.2.0
PhpmyadminPhpmyadmin Version3.2.0 Updatebeta1
PhpmyadminPhpmyadmin Version3.2.0 Updaterc1
PhpmyadminPhpmyadmin Version3.2.1
PhpmyadminPhpmyadmin Version3.2.1 Updaterc1
PhpmyadminPhpmyadmin Version3.2.2
PhpmyadminPhpmyadmin Version3.2.2 Updaterc1
PhpmyadminPhpmyadmin Version3.3.0.0
PhpmyadminPhpmyadmin Version3.3.1.0
PhpmyadminPhpmyadmin Version3.3.2.0
PhpmyadminPhpmyadmin Version3.3.3.0
PhpmyadminPhpmyadmin Version3.3.4.0
PhpmyadminPhpmyadmin Version3.3.5.0
PhpmyadminPhpmyadmin Version3.3.5.1
PhpmyadminPhpmyadmin Version3.3.6
PhpmyadminPhpmyadmin Version3.3.7
PhpmyadminPhpmyadmin Version3.3.8
PhpmyadminPhpmyadmin Version3.3.8.1
PhpmyadminPhpmyadmin Version3.3.9.0
PhpmyadminPhpmyadmin Version3.3.9.1
PhpmyadminPhpmyadmin Version3.3.9.2
PhpmyadminPhpmyadmin Version3.3.10.0
PhpmyadminPhpmyadmin Version3.3.10.1
PhpmyadminPhpmyadmin Version3.4.0.0
PhpmyadminPhpmyadmin Version3.4.1.0
PhpmyadminPhpmyadmin Version3.4.2.0
PhpmyadminPhpmyadmin Version3.4.3.0
PhpmyadminPhpmyadmin Version3.4.3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.74% 0.747
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/45315
http://www.debian.org/security/2011/dsa-2286
http://www.mandriva.com/security/advisories?name=MDVSA-2011:124
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063410.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063418.html
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=4bd27166c314faa37cada91533b86377f4d4d214
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=a0823be05aa5835f207c0838b9cca67d2d9a050a
http://secunia.com/advisories/45365
Vendor Advisory
http://secunia.com/advisories/45515
http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php
Patch
Vendor Advisory
http://www.securityfocus.com/bid/48874
https://bugzilla.redhat.com/show_bug.cgi?id=725381
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68750