CVE-2010-4480
Published 2010-12-08
Priority P424 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 5.83% (92.2th percentile)
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpmyadmin | < phpmyadmin 4:3.3.7-3 (bookworm) | phpmyadmin 4:3.3.7-3 (bookworm) |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | >= 0 < 4:3.3.7-3 | 4:3.3.7-3 |
| phpmyadmin | phpmyadmin | >= 0 < 4:3.3.7-3 | 4:3.3.7-3 |
| phpmyadmin | phpmyadmin | >= 0 < 4:3.3.7-3 | 4:3.3.7-3 |
| phpmyadmin | phpmyadmin | >= 0 < 4:3.3.7-3 | 4:3.3.7-3 |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
osv · 4.3 MEDIUM
vendor_debian · 4.3 MEDIUM
GHSA
GHSA-r7cq-qp4v-9qxv: error
ghsa_unreviewed·2022-05-17
CVE-2010-4480 [MEDIUM] CWE-79 GHSA-r7cq-qp4v-9qxv: error
OSV
CVE-2010-4480: error
osv·2010-12-08·CVSS 4.3
CVE-2010-4480 [MEDIUM] CVE-2010-4480: error
Debian
CVE-2010-4480: phpmyadmin - error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows r...
vendor_debian·2010·CVSS 4.3
CVE-2010-4480 [MEDIUM] CVE-2010-4480: phpmyadmin - error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows r...
Scope: local
bookworm: resolved (fixed in 4:3.3.7-3)
bullseye: resolved (fixed in 4:3.3.7-3)
forky: resolved (fixed in 4:3.3.7-3)
sid: resolved (fixed in 4:3.3.7-3)
trixie: resolved (fixed in 4:3.3.7-3)
No detection rules found.
Bugzilla
CVE-2010-4480 CVE-2010-4481 phpMyAdmin various flaws [fedora-all]
bugzilla·2010-12-12·CVSS 4.3
CVE-2010-4480 [MEDIUM] CVE-2010-4480 CVE-2010-4481 phpMyAdmin various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=661335
Please note: this issue affects multiple supporte
Bugzilla
CVE-2010-4480 phpMyAdmin: XSS vulnerability via crafted BBCode tag in error.php
bugzilla·2010-12-08·CVSS 4.3
CVE-2010-4480 [MEDIUM] CVE-2010-4480 phpMyAdmin: XSS vulnerability via crafted BBCode tag in error.php
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-4480 to
the following vulnerability:
Name: CVE-2010-4480
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4480
Assigned: 20101207
Reference: EXPLOIT-DB:15699
Reference: URL: http://www.exploit-db.com/exploits/15699
Reference: VUPEN:ADV-2010-3133
Reference: URL: http://www.vupen.com/english/advisories/2010/3133
error.php in PhpMyAdmin 3.3.8.1 and earlier allows remote attackers to
conduct cross-site scripting (XSS) attacks via a crafted BBcode tag
containing "@" characters, as demonstrated using "[a@url@page]".
No new version of phpMyAdmin is available as of yet, but the following looks like the relevant commit to fix this issue
References
http://secunia.com/advisories/42485
http://secunia.com/advisories/42725
http://www.debian.org/security/2010/dsa-2139
http://www.exploit-db.com/exploits/15699
http://www.mandriva.com/security/advisories?name=MDVSA-2011:000
http://www.phpmyadmin.net/home_page/security/PMASA-2010-9.php
http://www.securityfocus.com/bid/45633
http://www.vupen.com/english/advisories/2010/3133
http://www.vupen.com/english/advisories/2011/0001
http://www.vupen.com/english/advisories/2011/0027