CVE-2018-12581: Cross-site Scripting in phpMyAdmin

CWE-79: Cross-site Scripting | 10 documents | 6 sources
Severity: 6.1 MEDIUM (NVD) | OSV 5.0
EPSS: 0.6% (top 29.93%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 21
Latest update: May 14

Description

An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (5 packages)

debian | debian/phpmyadmin | < phpmyadmin 4:4.9.1+dfsg1-2 (bookworm)
Packagist | phpmyadmin/phpmyadmin | < 4.8.2
Debian | phpmyadmin/phpmyadmin | < 4:4.9.1+dfsg1-2+3
Ubuntu | phpmyadmin/phpmyadmin | < 4:4.0.10-1ubuntu0.1+esm4+3

Vulnerability Details (4)

OSV | phpMyAdmin XSS Vulnerability | 2022-05-14
GHSA | phpMyAdmin XSS Vulnerability | 2022-05-14
OSV | phpmyadmin vulnerabilities | 2021-03-16
OSV | CVE-2018-12581: An issue was discovered in js/designer/move | 2018-06-21

Vendor Advisories (2)

Ubuntu | phpMyAdmin vulnerabilities | 2021-03-16
Debian | CVE-2018-12581: phpmyadmin - An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cro... | 2018

Community (3)

Bugzilla | CVE-2018-12581 phpMyAdmin: XSS when the database is referenced from the Designer feature [fedora-all] | 2018-06-22
Bugzilla | CVE-2018-12581 phpMyAdmin: XSS when the database is referenced from the Designer feature | 2018-06-22
Bugzilla | CVE-2018-12581 phpMyAdmin: XSS when the database is referenced from the Designer feature [epel-all] | 2018-06-22