CVE-2005-0992
published 2005-05-02CVE-2005-0992: Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
4.50%
90.3th percentile
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
Affected
116 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpmyadmin | < phpmyadmin 3:2.6.2-rc1-1 (bookworm) | phpmyadmin 3:2.6.2-rc1-1 (bookworm) |
| debian | phpmyadmin | < phpmyadmin 4:2.9.1.1-2 (bookworm) | phpmyadmin 4:2.9.1.1-2 (bookworm) |
| debian | phpmyadmin | < phpmyadmin 4:2.11.2.2-1 (bookworm) | phpmyadmin 4:2.11.2.2-1 (bookworm) |
| phpmyadmin | phpmyadmin | <= 2.11.2.1 | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6723-jq8x-794g: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-0341 [MEDIUM] GHSA-6723-jq8x-794g: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
GHSA
GHSA-hq77-gw5q-x5p4: Cross-site scripting (XSS) vulnerability in libraries/auth/cookie
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-6100 [MEDIUM] CWE-79 GHSA-hq77-gw5q-x5p4: Cross-site scripting (XSS) vulnerability in libraries/auth/cookie
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
GHSA
GHSA-8wqv-f9xx-xf24: Cross-site scripting (XSS) vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2005-0992 [MEDIUM] GHSA-8wqv-f9xx-xf24: Cross-site scripting (XSS) vulnerability in index
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
OSV
CVE-2007-6100: Cross-site scripting (XSS) vulnerability in libraries/auth/cookie
osv·2007-11-23·CVSS 4.3
CVE-2007-6100 [MEDIUM] CVE-2007-6100: Cross-site scripting (XSS) vulnerability in libraries/auth/cookie
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
OSV
CVE-2007-0341: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2
osv·2007-01-18·CVSS 4.3
CVE-2007-0341 [MEDIUM] CVE-2007-0341: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
OSV
CVE-2005-0992: Cross-site scripting (XSS) vulnerability in index
osv·2005-05-02·CVSS 4.3
CVE-2005-0992 [MEDIUM] CVE-2005-0992: Cross-site scripting (XSS) vulnerability in index
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
Debian
CVE-2007-0341: phpmyadmin - Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when M...
vendor_debian·2007·CVSS 4.3
CVE-2007-0341 [MEDIUM] CVE-2007-0341: phpmyadmin - Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when M...
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
Scope: local
bookworm: resolved (fixed in 4:2.9.1.1-2)
bullseye: resolved (fixed in 4:2.9.1.1-2)
forky: resolved (fixed in 4:2.9.1.1-2)
sid: resolved (fixed in 4:2.9.1.1-2)
trixie: resolved (fixed in 4:2.9.1.1-2)
Debian
CVE-2007-6100: phpmyadmin - Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php i...
vendor_debian·2007·CVSS 4.3
CVE-2007-6100 [MEDIUM] CVE-2007-6100: phpmyadmin - Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php i...
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
Scope: local
bookworm: resolved (fixed in 4:2.11.2.2-1)
bullseye: resolved (fixed in 4:2.11.2.2-1)
forky: resolved (fixed in 4:2.11.2.2-1)
sid: resolved (fixed in 4:2.11.2.2-1)
trixie: resolved (fixed in 4:2.11.2.2-1)
Debian
CVE-2005-0992: phpmyadmin - Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2...
vendor_debian·2005·CVSS 4.3
CVE-2005-0992 [MEDIUM] CVE-2005-0992: phpmyadmin - Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2...
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.
Scope: local
bookworm: resolved (fixed in 3:2.6.2-rc1-1)
bullseye: resolved (fixed in 3:2.6.2-rc1-1)
forky: resolved (fixed in 3:2.6.2-rc1-1)
sid: resolved (fixed in 3:2.6.2-rc1-1)
trixie: resolved (fixed in 3:2.6.2-rc1-1)
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111264361622660&w=2http://secunia.com/advisories/14799http://www.arrelnet.com/advisories/adv20050403.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200504-08.xmlhttp://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3http://www.securityfocus.com/bid/12982https://exchange.xforce.ibmcloud.com/vulnerabilities/19940http://marc.info/?l=bugtraq&m=111264361622660&w=2http://secunia.com/advisories/14799http://www.arrelnet.com/advisories/adv20050403.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200504-08.xmlhttp://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3http://www.securityfocus.com/bid/12982https://exchange.xforce.ibmcloud.com/vulnerabilities/19940
2005-05-02
Published