CVE-2011-3591 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting8 documents6 sources

Severity

3.5LOWNVD

EPSS

0.2%

top 60.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedDec 26

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.4.5-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin3.4.0 — 3.4.5

▶Debianphpmyadmin/phpmyadmin< 4:3.4.5-1+3

▶NVDphpmyadmin/phpmyadmin7 versions+6

🔴Vulnerability Details

GHSA

phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save↗2022-05-17

▶

OSV

phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save↗2022-05-17

▶

OSV

CVE-2011-3591: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3↗2014-12-26

▶

💥Exploits & PoCs

Exploit-DB

Oracle Document Capture - 'empop3.dll' Insecure Methods↗2011-01-26

▶

Exploit-DB

Oracle Document Capture - Actbar2.ocx Insecure Method↗2011-01-26

▶

📋Vendor Advisories

Debian

CVE-2011-3591: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3...↗2011

▶

💬Community

Bugzilla

CVE-2011-3591 CVE-2011-3592 phpMyAdmin: Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14)↗2011-09-15

▶