CVE-2020-26934
published 2020-10-10CVE-2020-26934: phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | phpmyadmin | < phpmyadmin 4:4.9.7+dfsg1-1 (bookworm) | phpmyadmin 4:4.9.7+dfsg1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.7+dfsg1-1 | 4:4.9.7+dfsg1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.7+dfsg1-1 | 4:4.9.7+dfsg1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.7+dfsg1-1 | 4:4.9.7+dfsg1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.7+dfsg1-1 | 4:4.9.7+dfsg1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.6.6-5ubuntu0.5 | 4:4.6.6-5ubuntu0.5 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.0.10-1ubuntu0.1+esm4 | 4:4.0.10-1ubuntu0.1+esm4 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.5.4.1-2ubuntu2.1+esm6 | 4:4.5.4.1-2ubuntu2.1+esm6 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.6.6-5ubuntu0.5+esm1 | 4:4.6.6-5ubuntu0.5+esm1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.5+dfsg1-2ubuntu0.1~esm1 | 4:4.9.5+dfsg1-2ubuntu0.1~esm1 |
| phpmyadmin | phpmyadmin | >= 4.9.0 < 4.9.6 | 4.9.6 |
| phpmyadmin | phpmyadmin | >= 4.9.0 < 4.9.6 | 4.9.6 |
| phpmyadmin | phpmyadmin | >= 5.0.0 < 5.0.3 | 5.0.3 |
| phpmyadmin | phpmyadmin | >= 5.0.0 < 5.0.3 | 5.0.3 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.5MEDIUM