CVE-2018-19970: Cross-site Scripting in phpMyAdmin

CWE-79: Cross-site Scripting | 11 documents | 6 sources
Severity: 6.1 MEDIUM (NVD); OSV 6.5; OSV 5.0
EPSS: 1.5% (top 18.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 11; Latest update May 14

Description

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (5 packages)

debian | debian/phpmyadmin | < phpmyadmin 4:4.9.1+dfsg1-2 (bookworm)
NVD | phpmyadmin/phpmyadmin | 4.0.0 | 4.8.4
Packagist | phpmyadmin/phpmyadmin | 4.0 | 4.8.4
Debian | phpmyadmin/phpmyadmin | < 4:4.9.1+dfsg1-2 | +3
Ubuntu | phpmyadmin/phpmyadmin | < 4:4.6.6-5ubuntu0.5 | +4

Also affects: Debian Linux 8.0

Patches

Vulnerability Details (5)

GHSA: phpMyAdmin Cross-site Scripting (XSS) vulnerability (2022-05-14)
OSV: phpMyAdmin Cross-site Scripting (XSS) vulnerability (2022-05-14)
OSV: phpmyadmin vulnerabilities (2021-03-16)
OSV: phpmyadmin vulnerabilities (2020-11-19)
OSV: CVE-2018-19970: In phpMyAdmin before 4 (2018-12-11)

Vendor Advisories (3)

Ubuntu: phpMyAdmin vulnerabilities (2021-03-16)
Ubuntu: phpMyAdmin vulnerabilities (2020-11-19)
Debian: CVE-2018-19970: phpmyadmin - In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tre... (2018)

Community (2)

Bugzilla: CVE-2018-19968 CVE-2018-19969 CVE-2018-19970 CVE-2018-12613 phpMyAdmin: Multiple security issues fixed in 4.8.4 [epel-all] (2018-12-13)
Bugzilla: CVE-2018-19968 CVE-2018-19969 CVE-2018-19970 CVE-2018-12613 phpMyAdmin: Multiple security issues fixed in 4.8.4 (2018-12-13)