Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0543Cross-site Scripting in Phpmyadmin

CWE-79Cross-site Scripting9 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
2.8%
top 13.88%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
PhpmyadminDebian Phpmyadmin
Timeline
PublishedFeb 24
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/phpmyadmin< phpmyadmin 3:2.6.1-pl2-1 (bookworm)
Debianphpmyadmin/phpmyadmin< 3:2.6.1-pl2-1+3
NVDphpmyadmin/phpmyadmin4 versions+3

Patches

Patch: secunia.comPatch: www.gentoo.orgPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-gj5v-2g4g-3xxm: Cross-site scripting (XSS) vulnerability in phpMyAdmin 22022-05-01
OSV
CVE-2005-0543: Cross-site scripting (XSS) vulnerability in phpMyAdmin 22005-02-24

💥Exploits & PoCs

4
Exploit-DB
phpMyAdmin 2.6 - 'display_tbl_links.lib.php' Multiple Cross-Site Scripting Vulnerabilities2005-02-24
Exploit-DB
phpMyAdmin 2.6 - 'theme_right.css.php' Multiple Cross-Site Scripting Vulnerabilities2005-02-24
Exploit-DB
phpMyAdmin 2.6 - 'select_server.lib.php' Multiple Cross-Site Scripting Vulnerabilities2005-02-24
Exploit-DB
phpMyAdmin 2.6 - 'theme_left.css.php' Multiple Cross-Site Scripting Vulnerabilities2005-02-24

📋Vendor Advisories

2
Debian
CVE-2005-0543: phpmyadmin - Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attac...2005
Red Hat
CVE-2005-1730: Multiple vulnerabilities in the OpenSSL ASN