CVE-2011-4782 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 35.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedDec 22

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.4.9-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin3.4.0 — 3.4.9

▶Debianphpmyadmin/phpmyadmin< 4:3.4.9-1+3

▶NVDphpmyadmin/phpmyadmin11 versions+10

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

phpMyAdmin Cross-site Scripting vulnerability↗2022-05-17

▶

OSV

phpMyAdmin Cross-site Scripting vulnerability↗2022-05-17

▶

OSV

CVE-2011-4782: Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile↗2011-12-22

▶

📋Vendor Advisories

Debian

CVE-2011-4782: phpmyadmin - Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.ph...↗2011

▶

Red Hat

glibc: fnmatch() alloca()-based memory corruption flaw↗2010-08-05

▶

💬Community

Bugzilla

CVE-2011-4782 phpMyAdmin Crafted values entered in the setup interface can produce XSS PMASA-2011-19↗2011-12-22

▶