CVE-2006-2031Cross-site Scripting in Phpmyadmin

CWE-79Cross-site Scripting8 documents4 sources
Severity
4.3MEDIUMNVD
NVD2.6OSV2.6
EPSS
0.4%
top 38.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PhpmyadminDebian Phpmyadmin
Timeline
PublishedApr 26
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

debiandebian/phpmyadmin< phpmyadmin 4:2.8.1-1 (bookworm)
Debianphpmyadmin/phpmyadmin< 4:2.8.1-1+3
NVDphpmyadmin/phpmyadmin5 versions+4

🔴Vulnerability Details

4
GHSA
GHSA-r43p-59cr-4g96: Cross-site scripting (XSS) vulnerability in index2022-05-01
GHSA
GHSA-x5rx-xjw2-pgfp: Cross-site scripting (XSS) vulnerability in phpMyAdmin 22022-05-01
OSV
CVE-2006-2417: Cross-site scripting (XSS) vulnerability in phpMyAdmin 22006-05-16
OSV
CVE-2006-2031: Cross-site scripting (XSS) vulnerability in index2006-04-26

📋Vendor Advisories

2
Debian
CVE-2006-2031: phpmyadmin - Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8...2006
Debian
CVE-2006-2417: phpmyadmin - Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 al...2006