CVE-2006-2417Cross-site Scripting in Phpmyadmin

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
OSV2.6
EPSS
0.6%
top 31.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PhpmyadminDebian Phpmyadmin
Timeline
PublishedMay 16
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/phpmyadmin< phpmyadmin 4:2.8.1-1 (bookworm)
Debianphpmyadmin/phpmyadmin< 4:2.8.1-1+3
NVDphpmyadmin/phpmyadmin2.8.0.1, 2.8.0.2, 2.8.0.3+2

Patches

Patch: secunia.comPatch: www.phpmyadmin.netPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-x5rx-xjw2-pgfp: Cross-site scripting (XSS) vulnerability in phpMyAdmin 22022-05-01
OSV
CVE-2006-2417: Cross-site scripting (XSS) vulnerability in phpMyAdmin 22006-05-16

📋Vendor Advisories

1
Debian
CVE-2006-2417: phpmyadmin - Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 al...2006