CVE-2011-3592 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

3.5LOWNVD

EPSS

0.2%

top 60.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedDec 26

Latest updateFeb 26

Description

Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.4.5-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin3.4.0 — 3.4.5

▶Debianphpmyadmin/phpmyadmin< 4:3.4.5-1+3

▶NVDphpmyadmin/phpmyadmin7 versions+6

🔴Vulnerability Details

OSV

phpMyAdmin Multiple XSS Vulnerabilities↗2022-05-17

▶

GHSA

phpMyAdmin Multiple XSS Vulnerabilities↗2022-05-17

▶

OSV

CVE-2011-3592: Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql↗2014-12-26

▶

📋Vendor Advisories

Red Hat

kernel: bpf: Fix a btf decl_tag bug when tagging a function↗2025-02-26

▶

Debian

CVE-2011-3592: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow f...↗2011

▶

💬Community

Bugzilla

CVE-2011-3591 CVE-2011-3592 phpMyAdmin: Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14)↗2011-09-15

▶