Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yM3BxLW1wOHYtY3AzM84AAfQa
phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page
Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.
Permalink: https://github.com/advisories/GHSA-r3pq-mp8v-cp33JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yM3BxLW1wOHYtY3AzM84AAfQa
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 8 months ago
Identifiers: GHSA-r3pq-mp8v-cp33, CVE-2012-4345
References:
- https://nvd.nist.gov/vuln/detail/CVE-2012-4345
- http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php
- https://web.archive.org/web/20150523055725/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2012:136/?name=MDVSA-2012:136
- https://github.com/advisories/GHSA-r3pq-mp8v-cp33
Affected Packages
packagist:phpmyadmin/phpmyadmin
Dependent packages: 4Dependent repositories: 15
Downloads: 297,418 total
Affected Version Ranges: >= 3.5, < 3.5.2.2, >= 3.4, < 3.4.11.1
Fixed in: 3.5.2.2, 3.4.11.1
All affected versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.7.9, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1
All unaffected versions: