CVE-2007-2245 — Cross-site Scripting in Phpmyadmin

6 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

2.4%

top 14.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedApr 25

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:2.10.1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:2.10.1-1+3

▶NVDphpmyadmin/phpmyadmin2.10.1.0

🔴Vulnerability Details

GHSA

GHSA-cx7j-6x8v-hjf9: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2↗2022-05-01

▶

OSV

CVE-2007-2245: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2↗2007-04-25

▶

📋Vendor Advisories

Debian

CVE-2007-2245: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1....↗2007

▶

💬Community

Bugzilla

CVE-2007-4897 CVE-2007-4924 opal various flaws [F7]↗2007-09-20

▶

Bugzilla

CVE-2007-2245: phpMyAdmin < 2.10.1 XSS vulnerabilities↗2007-04-25

▶