CVE-2011-2642Cross-site Scripting in Phpmyadmin

CWE-79Cross-site ScriptingCWE-122Heap-based Buffer OverflowCWE-193Off-by-one Error11 documents6 sources
Severity
2.6LOWNVD
EPSS
0.7%
top 28.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
PhpmyadminDebian Phpmyadmin
Timeline
PublishedAug 1
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

debiandebian/phpmyadmin< phpmyadmin 4:3.4.3.2-1 (bookworm)
Debianphpmyadmin/phpmyadmin< 4:3.4.3.2-1+3
NVDphpmyadmin/phpmyadmin3.3.10.2+60

Patches

Patch: www.phpmyadmin.netPatch: bugzilla.redhat.comPatch: www.phpmyadmin.net

🔴Vulnerability Details

2
GHSA
GHSA-wgmf-qh83-2587: Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview2022-05-17
OSV
CVE-2011-2642: Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview2011-08-01

📋Vendor Advisories

3
Red Hat
t1lib: off-by-one errors in token and linetoken2011-03-04
Red Hat
t1lib: Heap-based buffer overflow DVI file AFM font parser2011-01-30
Debian
CVE-2011-2642: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in the table Print view impl...2011

💬Community

4
Bugzilla
CVE-2011-5244 t1lib: off-by-one errors in token and linetoken2012-11-20
Bugzilla
CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 t1lib various flaws [fedora-all]2012-01-10
Bugzilla
CVE-2011-2642 phpMyAdmin: v3.3.10.3, v3.4.3.2: XSS in table Print view (PMASA-2011-9)2011-07-25
Bugzilla
CVE-2011-2642 CVE-2011-2643 phpMyAdmin various flaws [fedora-all]2011-07-25