CVE-2018-7260 — Cross-site Scripting in Phpmyadmin

CWE-79 — Cross-site Scripting12 documents6 sources

Severity

5.4MEDIUMNVD

OSV6.5OSV5.0

EPSS

0.3%

top 46.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedFeb 21

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages5 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.9.1+dfsg1-2 (bookworm)

▶NVDphpmyadmin/phpmyadmin< 4.7.8

▶Packagistphpmyadmin/phpmyadmin< 4.7.8

▶Debianphpmyadmin/phpmyadmin< 4:4.9.1+dfsg1-2+3

▶Ubuntuphpmyadmin/phpmyadmin< 4:4.6.6-5ubuntu0.5+4

Patches

Patch: github.com ↗Patch: udiniya.wordpress.com ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

OSV

phpMyAdmin Cross-site scripting (XSS) vulnerability in central columns feature↗2022-05-14

▶

GHSA

phpMyAdmin Cross-site scripting (XSS) vulnerability in central columns feature↗2022-05-14

▶

OSV

phpmyadmin vulnerabilities↗2021-03-16

▶

OSV

phpmyadmin vulnerabilities↗2020-11-19

▶

OSV

CVE-2018-7260: Cross-site scripting (XSS) vulnerability in db_central_columns↗2018-02-21

▶

📋Vendor Advisories

Ubuntu

phpMyAdmin vulnerabilities↗2021-03-16

▶

Ubuntu

phpMyAdmin vulnerabilities↗2020-11-19

▶

Debian

CVE-2018-7260: phpmyadmin - Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin...↗2018

▶

💬Community

Bugzilla

CVE-2018-7260 phpMyAdmin: XSS in db_central_columns.php↗2018-02-21

▶

Bugzilla

CVE-2018-7260 phpMyAdmin: XSS in db_central_columns.php [epel-all]↗2018-02-21

▶

Bugzilla

CVE-2018-7260 phpMyAdmin: XSS in db_central_columns.php [fedora-all]↗2018-02-21

▶