CVE-2020-26934Cross-site Scripting in Phpmyadmin

CWE-79Cross-site Scripting11 documents7 sources
Severity
6.1MEDIUMNVD
EPSS
2.8%
top 13.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
PhpmyadminDebian LinuxFedoraproject Fedora+2 more
Timeline
PublishedOct 10
Latest updateMay 24

Description

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

NVDphpmyadmin/phpmyadmin4.9.04.9.6+1
Packagistphpmyadmin/phpmyadmin4.9.04.9.6+1
Debianphpmyadmin/phpmyadmin< 4:4.9.7+dfsg1-1+3
NVDopensuse/leap15.1, 15.2+1

Also affects: Debian Linux 9.0, Fedora 31, 32, 33

Patches

Patch: www.phpmyadmin.netPatch: www.phpmyadmin.net

🔴Vulnerability Details

4
GHSA
phpMyAdmin Cross-site Scripting (XSS)2022-05-24
OSV
phpMyAdmin Cross-site Scripting (XSS)2022-05-24
OSV
CVE-2020-26934: phpMyAdmin before 42020-10-10
CVEList
CVE-2020-26934: phpMyAdmin before 42020-10-10

📋Vendor Advisories

3
Ubuntu
phpMyAdmin vulnerabilities2021-03-16
Ubuntu
phpMyAdmin vulnerabilities2020-11-19
Debian
CVE-2020-26934: phpmyadmin - phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformati...2020

💬Community

3
Bugzilla
CVE-2020-26934 phpMyAdmin: XSS relating to the transformation feature [fedora-all]2020-10-12
Bugzilla
CVE-2020-26934 phpmyadmin: XSS relating to the transformation feature2020-10-12
Bugzilla
CVE-2020-26934 phpMyAdmin: XSS relating to the transformation feature [epel-all]2020-10-12
CVE-2020-26934 — Cross-site Scripting in Phpmyadmin | cvebase