CVE-2012-4579 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting9 documents5 sources

Severity

3.5LOWNVD

EPSS

0.2%

top 59.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedAug 21

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different is…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:3.4.11.1-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin3.5 — 3.5.2.2

▶Debianphpmyadmin/phpmyadmin< 4:3.4.11.1-1+3

▶NVDphpmyadmin/phpmyadmin4 versions+3

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

phpMyAdmin Multiple XSS Vulnerabilities↗2022-05-17

▶

OSV

phpMyAdmin Multiple XSS Vulnerabilities↗2022-05-17

▶

OSV

CVE-2012-4579: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3↗2012-08-21

▶

📋Vendor Advisories

Debian

CVE-2012-4579: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3...↗2012

▶

💬Community

Bugzilla

CVE-2012-4345 CVE-2012-4579 phpMyAdmin: Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages (PMASA-2012-4) [fedora-all]↗2012-08-22

▶

Bugzilla

CVE-2012-4345 CVE-2012-4579 phpMyAdmin: Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages (PMASA-2012-4) [epel-6]↗2012-08-22

▶

Bugzilla

CVE-2012-4345 CVE-2012-4579 phpMyAdmin: Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages (PMASA-2012-4) [epel-5]↗2012-08-22

▶

Bugzilla

CVE-2012-4345 CVE-2012-4579 phpMyAdmin: Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages (PMASA-2012-4)↗2012-08-17

▶