CVE-2008-3457 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

2.6LOWNVD

EPSS

0.6%

top 30.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedAug 4

Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:2.11.8~rc1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:2.11.8~rc1-1+3

▶NVDphpmyadmin/phpmyadmin2.11.7.0+41

🔴Vulnerability Details

GHSA

GHSA-gcf3-96cg-hh53: Cross-site scripting (XSS) vulnerability in setup↗2022-05-02

▶

OSV

CVE-2008-3457: Cross-site scripting (XSS) vulnerability in setup↗2008-08-04

▶

📋Vendor Advisories

Debian

CVE-2008-3457: phpmyadmin - Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11....↗2008

▶

Red Hat

phpMyAdmin: Cross-site Framing; XSS in setup.php (PMASA-2008-6 - CVE-2008-3456, CVE-2008-3457)↗

▶