[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

253164

 
 

909

 
 

197077

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-4329Date: (C)2010-12-02   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-42408
SECUNIA-42477
SECUNIA-42725
BID-45100
OSVDB-69516
ADV-2010-3082
ADV-2010-3087
ADV-2010-3158
ADV-2011-0001
DSA-2139
FEDORA-2010-18343
FEDORA-2010-18371
MDVSA-2010:244
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=4341818d73d454451f024950a4ce0141608ac7f8
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=e1f4901ffc400b6d2df15eac0ba5015fe48a27c4
http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php

CPE    63
cpe:/a:phpmyadmin:phpmyadmin:2.11.1.0
cpe:/a:phpmyadmin:phpmyadmin:2.11.5.0
cpe:/a:phpmyadmin:phpmyadmin:2.11.1.1
cpe:/a:phpmyadmin:phpmyadmin:2.11.3.0
...
CWE    1
CWE-79
OVAL    2
oval:org.secpod.oval:def:101081
oval:org.secpod.oval:def:100293

© SecPod Technologies