CVE-2010-3263 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 48.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedSep 10

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.3.7-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:3.3.7-1+3

▶NVDphpmyadmin/phpmyadmin22 versions+21

🔴Vulnerability Details

GHSA

GHSA-ghr7-5368-f73m: Cross-site scripting (XSS) vulnerability in setup/frames/index↗2022-05-17

▶

OSV

CVE-2010-3263: Cross-site scripting (XSS) vulnerability in setup/frames/index↗2010-09-10

▶

📋Vendor Advisories

Debian

CVE-2010-3263: phpmyadmin - Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the se...↗2010

▶

💬Community

Bugzilla

CVE-2010-3263 phpMyAdmin (x < v3.3.7): XSS in setup script (PMASA-2010-7) [fedora-all]↗2010-09-08

▶

Bugzilla

CVE-2010-3263 phpMyAdmin (x < v3.3.7): XSS in setup script (PMASA-2010-7)↗2010-09-08

▶