CVE-2006-1258
published 2006-03-19CVE-2006-1258: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
2.52%
82.8th percentile
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpmyadmin | < phpmyadmin 4:2.8.0.2-2 (bookworm) | phpmyadmin 4:2.8.0.2-2 (bookworm) |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.8.0.2-2 | 4:2.8.0.2-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.8.0.2-2 | 4:2.8.0.2-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.8.0.2-2 | 4:2.8.0.2-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:2.8.0.2-2 | 4:2.8.0.2-2 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4m4p-5pj4-3gv8: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2
ghsa_unreviewed·2022-05-01
CVE-2006-1258 [MEDIUM] GHSA-4m4p-5pj4-3gv8: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.
OSV
CVE-2006-1258: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2
osv·2006-03-19·CVSS 4.3
CVE-2006-1258 [MEDIUM] CVE-2006-1258: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.
Debian
CVE-2006-1258: phpmyadmin - Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote att...
vendor_debian·2006·CVSS 4.3
CVE-2006-1258 [MEDIUM] CVE-2006-1258: phpmyadmin - Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote att...
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.
Scope: local
bookworm: resolved (fixed in 4:2.8.0.2-2)
bullseye: resolved (fixed in 4:2.8.0.2-2)
forky: resolved (fixed in 4:2.8.0.2-2)
sid: resolved (fixed in 4:2.8.0.2-2)
trixie: resolved (fixed in 4:2.8.0.2-2)
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/19277http://securitytracker.com/id?1015776http://www.osvdb.org/23943http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0http://www.securityfocus.com/bid/17142http://www.vupen.com/english/advisories/2006/0991https://exchange.xforce.ibmcloud.com/vulnerabilities/25305http://secunia.com/advisories/19277http://securitytracker.com/id?1015776http://www.osvdb.org/23943http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0http://www.securityfocus.com/bid/17142http://www.vupen.com/english/advisories/2006/0991https://exchange.xforce.ibmcloud.com/vulnerabilities/25305
2006-03-19
Published