CVE-2012-5339 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

3.5LOWNVD

EPSS

0.2%

top 56.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedOct 25

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages3 packages

▶Packagistphpmyadmin/phpmyadmin3.5 — 3.5.3

▶debiandebian/phpmyadmin

▶NVDphpmyadmin/phpmyadmin5 versions+4

Patches

Patch: www.phpmyadmin.net ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

phpMyAdmin multiple cross-site scripting vulnerabilities↗2022-05-17

▶

GHSA

phpMyAdmin multiple cross-site scripting vulnerabilities↗2022-05-17

▶

📋Vendor Advisories

Debian

CVE-2012-5339: phpmyadmin - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3...↗2012

▶

💬Community

Bugzilla

CVE-2012-5339 phpMyAdmin: Multiple XSS flaws due unescaped HTML output in Trigger, Procedure and Event pages (PMASA-2012-6)↗2012-10-25

▶