CVE-2011-3598 — Cross-site Scripting in Phppgadmin

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 27.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phppgadmin Project Phppgadmin Debian Phppgadmin Phppgadmin

Timeline

PublishedOct 8

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/phppgadmin< phppgadmin 5.0.3-1 (forky)

▶Debianphppgadmin_project/phppgadmin< 5.0.3-1+1

▶NVDphppgadmin/phppgadmin5.0.2+16

Patches

Patch: sourceforge.net ↗Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-7rg3-7j2j-797w: Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5↗2022-05-17

▶

OSV

CVE-2011-3598: Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5↗2011-10-08

▶

📋Vendor Advisories

Debian

CVE-2011-3598: phppgadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 a...↗2011

▶

💬Community

Bugzilla

CVE-2011-3598 phpPgAdmin: Multiple XSS flaws fixed in v5.0.3 [epel-4]↗2011-10-04

▶

Bugzilla

CVE-2011-3598 phpPgAdmin: Multiple XSS flaws fixed in v5.0.3↗2011-10-04

▶