CVE-2009-2284 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 33.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJul 1

Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.2.0.1-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:3.2.0.1-1+3

▶NVDphpmyadmin/phpmyadmin3.2.0+165

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

GHSA-fm9c-6g88-w6vp: Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3↗2022-05-02

▶

OSV

CVE-2009-2284: Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3↗2009-07-01

▶

📋Vendor Advisories

Debian

CVE-2009-2284: phpmyadmin - Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows rem...↗2009

▶

Red Hat

phpMyAdmin: XSS: Insufficient output sanitizing in bookmarks (PMASA-2009-5)↗

▶