CVE-2017-1000015 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting11 documents6 sources

Severity

6.1MEDIUMNVD

OSV5.0

EPSS

0.6%

top 31.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJul 17

Latest updateMay 14

Description

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.6.6-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin4.6.0 — 4.6.6+2

▶Debianphpmyadmin/phpmyadmin< 4:4.6.6-1+3

▶Ubuntuphpmyadmin/phpmyadmin< 4:4.0.10-1ubuntu0.1+esm4+3

▶NVDphpmyadmin/phpmyadmin65 versions+64

🔴Vulnerability Details

OSV

phpMyAdmin CSS Injection Vulnerability↗2022-05-14

▶

GHSA

phpMyAdmin CSS Injection Vulnerability↗2022-05-14

▶

OSV

phpmyadmin vulnerabilities↗2021-03-16

▶

OSV

CVE-2017-1000015: phpMyAdmin 4↗2017-07-17

▶

📋Vendor Advisories

Ubuntu

phpMyAdmin vulnerabilities↗2021-03-16

▶

Debian

CVE-2017-1000015: phpmyadmin - phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through cr...↗2017

▶

💬Community

Bugzilla

CVE-2017-1000013 CVE-2017-1000014 CVE-2017-1000015 CVE-2017-1000016 CVE-2017-1000017 CVE-2017-1000018 phpMyAdmin: various flaws [fedora-all]↗2017-01-24

▶

Bugzilla

CVE-2017-1000013 CVE-2017-1000014 CVE-2017-1000015 CVE-2017-1000016 CVE-2017-1000017 CVE-2017-1000018 phpMyAdmin4: various flaws [epel-5]↗2017-01-24

▶

Bugzilla

CVE-2017-1000015 phpMyAdmin: CSS injection in themes↗2017-01-24

▶

Bugzilla

CVE-2017-1000013 CVE-2017-1000014 CVE-2017-1000015 CVE-2017-1000016 CVE-2017-1000017 CVE-2017-1000018 phpMyAdmin: various flaws [epel-all]↗2017-01-24

▶