Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4480 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

7.5%

top 8.22%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedDec 8

Latest updateMay 17

Description

error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.3.7-3 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:3.3.7-3+3

▶NVDphpmyadmin/phpmyadmin3.3.8.1, 3.3.9.0+1

🔴Vulnerability Details

GHSA

GHSA-r7cq-qp4v-9qxv: error↗2022-05-17

▶

OSV

CVE-2010-4480: error↗2010-12-08

▶

💥Exploits & PoCs

Exploit-DB

phpMyAdmin - Client-Side Code Injection / Redirect Link Falsification↗2010-12-06

▶

📋Vendor Advisories

Debian

CVE-2010-4480: phpmyadmin - error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows r...↗2010

▶

💬Community

Bugzilla

CVE-2010-4480 CVE-2010-4481 phpMyAdmin various flaws [fedora-all]↗2010-12-12

▶

Bugzilla

CVE-2010-4480 phpMyAdmin: XSS vulnerability via crafted BBCode tag in error.php↗2010-12-08

▶