CVE-2011-3598
Published: 2011-10-08
Priority: P4 | 18 | Severity: medium | CVSS 2.0 base score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 2.53% (82.9th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phppgadmin | < phppgadmin 5.0.3-1 (forky) | phppgadmin 5.0.3-1 (forky) |
| phppgadmin | phppgadmin | <= 5.0.2 | — |
| phppgadmin | phppgadmin | — | — |
| phppgadmin_project | phppgadmin | >= 0 < 5.0.3-1 | 5.0.3-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | LOW | — |
GHSA
GHSA-7rg3-7j2j-797w: Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3
ghsa_unreviewed · 2022-05-17 · MEDIUM · CWE-79
OSV
CVE-2011-3598: Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3
osv · 2011-10-08 · CVSS 4.3 · MEDIUM
Debian
CVE-2011-3598: phppgadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3
vendor_debian · 2011 · CVSS 4.3 · MEDIUM
Scope: local
forky: resolved (fixed in 5.0.3-1)
sid: resolved (fixed in 5.0.3-1)
trixie: resolved (fixed in 5.0.3-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-3598 phpPgAdmin: Multiple XSS flaws fixed in v5.0.3 [epel-4]
bugzilla · 2011-10-04 · CVSS 4.3 · MEDIUM
epel-4 tracking bug for phpPgAdmin: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
phpPgAdmin-5.0.3-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/phpPgAdmin-5.0.3-1.fc16
---
phpPgAdmin-5.0.3-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/phpPgAdmin-5.0.3-1.el6
---
phpPgAdmin-5.0.3-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/phpPgAdmin-5.0.3-1.el5
---
phpPgAdmin-5.0.3-1.el4 has been submitte
Bugzilla
CVE-2011-3598 phpPgAdmin: Multiple XSS flaws fixed in v5.0.3
bugzilla · 2011-10-04 · CVSS 4.3 · MEDIUM
Multiple cross-site scripting (XSS) flaws were reported in phpPgAdmin:
1) the 'title' argument of a particular web page was not sanitized properly prior to displaying the page header,
2) the return URL ('return_url') and return link name ('return_desc') were not sanitized properly prior to displaying the requested page data.
A remote attacker could provide a specially-crafted URL, which once visited by an unsuspecting phpPgAdmin user could lead to arbitrary HTML or web script execution.
References:
[1] https://secunia.com/advisories/46248/
[2] https://bugs.gentoo.org/show_bug.cgi?id=385505
[3] http://phppgadmin.sourceforge.net/doku.php?id=download
[4] http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&
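The two flaw classes in the report, reflected parameters placed into HTML unescaped, shown as an added illustration in PHP that is not phpPgAdmin's own code. The parameter names (`title`, `return_url`, `return_desc`) come from the advisory; the function names, the `browser.php` fallback and the allowed-character policy for `return_url` are assumptions made for this example.

```php
<?php
// Added example, not phpPgAdmin code. Function names, the fallback page and
// the return_url character policy are assumptions for illustration.

// Vulnerable shape: request parameters concatenated straight into the markup.
// Whatever the query string carries lands in the page unchanged.
function render_return_link_unsafe(string $return_url, string $return_desc): string {
    return '<a href="' . $return_url . '">' . $return_desc . '</a>';
}

// Hardened shape, step 1: constrain return_url to a plain relative page path.
// The whitelist excludes ':' (so no scheme such as javascript: or http:),
// and the extra checks reject protocol-relative URLs and path traversal.
function safe_return_url(string $return_url, string $fallback = 'browser.php'): string {
    if (!preg_match('~^[A-Za-z0-9_./?=&%-]+$~', $return_url)) {
        return $fallback;
    }
    if (str_starts_with($return_url, '//') || str_contains($return_url, '..')) {
        return $fallback;
    }
    return $return_url;
}

// Hardened shape, step 2: HTML-encode every value at the point it enters the
// document. ENT_QUOTES covers attribute context (the href), not just text nodes.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_return_link(string $return_url, string $return_desc): string {
    return '<a href="' . h(safe_return_url($return_url)) . '">' . h($return_desc) . '</a>';
}

// Same rule for the page title that goes into the header.
function render_title(string $title): string {
    return '<title>' . h($title) . '</title>';
}

// Constructed sample input standing in for an attacker-controlled query string.
$return_url  = 'javascript:alert(1)';
$return_desc = '<script>alert(1)</script>';
echo render_return_link_unsafe($return_url, $return_desc), "\n"; // script reaches the page
echo render_return_link($return_url, $return_desc), "\n";        // fallback href, encoded text
echo render_title('"><script>alert(1)</script>'), "\n";          // encoded, inert
```

Running it with `php` prints the unsafe link with the payload intact and the hardened link as `<a href="browser.php">&lt;script&gt;alert(1)&lt;/script&gt;</a>`.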
References:
- http://freshmeat.net/projects/phppgadmin/releases/336969
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067843.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067846.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068009.html
- http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html
- http://osvdb.org/75997
- http://osvdb.org/75998
- http://secunia.com/advisories/46248
- http://secunia.com/advisories/46426
- http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&forum_name=phppgadmin-news
- http://www.openwall.com/lists/oss-security/2011/10/04/1
- http://www.openwall.com/lists/oss-security/2011/10/04/10
- http://www.securityfocus.com/bid/49914
- https://bugs.gentoo.org/show_bug.cgi?id=385505
- https://bugzilla.redhat.com/show_bug.cgi?id=743205
- https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842