6.1
CVE-2019-25453
- EPSS 0.28%
- Veröffentlicht 20.02.2026 22:57:01
- Zuletzt bearbeitet 24.02.2026 20:43:34
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginphpMoAdmin 1.1.5 Reflected Cross-Site Scripting via moadmin.php
phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. Attackers can craft URLs with JavaScript payloads in the newdb parameter of moadmin.php to execute arbitrary code in users' browsers when they visit the malicious link.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpmoadmin ≫ Phpmoadmin Version1.1.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.199 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| disclosure@vulncheck.com | 5.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://www.exploit-db.com/exploits/46082
http://www.phpmoadmin.com/
https://www.vulncheck.com/advisories/phpmoadmin-reflected-cross-site-scripting-via-moadminphp