CVE-2005-2869

Published: 08/09/2005 Updated: 05/09/2008

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin prior to 2.6.4 allow remote malicious users to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpmyadmin phpmyadmin 2.1.1
phpmyadmin phpmyadmin 2.2.4
phpmyadmin phpmyadmin 2.1.2
phpmyadmin phpmyadmin 2.2 pre1
phpmyadmin phpmyadmin 2.5.0
phpmyadmin phpmyadmin 2.2
phpmyadmin phpmyadmin 2.6.2 pl1
phpmyadmin phpmyadmin 2.0.4
phpmyadmin phpmyadmin 2.6.1
phpmyadmin phpmyadmin 2.6.1 pl3
phpmyadmin phpmyadmin 2.3.1
phpmyadmin phpmyadmin 2.0.2
phpmyadmin phpmyadmin 2.5.5 rc1
phpmyadmin phpmyadmin 2.6.0 pl3
phpmyadmin phpmyadmin 2.5.7 pl1
phpmyadmin phpmyadmin 2.4.0
phpmyadmin phpmyadmin 2.5.5
phpmyadmin phpmyadmin 2.5.7
phpmyadmin phpmyadmin 2.5.6 rc1
phpmyadmin phpmyadmin 2.0.3
phpmyadmin phpmyadmin 2.6.1 pl1
phpmyadmin phpmyadmin 2.2.6
phpmyadmin phpmyadmin 2.6.0 pl1
phpmyadmin phpmyadmin 2.6.3
phpmyadmin phpmyadmin 2.5.2
phpmyadmin phpmyadmin 2.1
phpmyadmin phpmyadmin 2.0.1
phpmyadmin phpmyadmin 2.6.2
phpmyadmin phpmyadmin 2.5.1
phpmyadmin phpmyadmin 2.6.0 pl2
phpmyadmin phpmyadmin 2.2 rc2
phpmyadmin phpmyadmin 2.3.2
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.2.5
phpmyadmin phpmyadmin 2.2 rc3
phpmyadmin phpmyadmin 2.5.3
phpmyadmin phpmyadmin 2.2.2
phpmyadmin phpmyadmin 2.2.3
phpmyadmin phpmyadmin 2.5.5 rc2
phpmyadmin phpmyadmin 2.2 pre2
phpmyadmin phpmyadmin 2.6.3 pl1
phpmyadmin phpmyadmin 2.6.1 rc1
phpmyadmin phpmyadmin 2.2 rc1
phpmyadmin phpmyadmin 2.0
phpmyadmin phpmyadmin 2.5.5 pl1
phpmyadmin phpmyadmin 2.0.5

Check Point Reference: CPAI-2023-0799 Date Published: 17 Oct 2023 Severity: Critical ...

source: wwwsecurityfocuscom/bid/14675/info phpMyAdmin is prone to a cross-site scripting vulnerability This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the software Such an attack would require that the victim follows a malicious link that includes hostile HTML and script code /er ...

NVD-CWE-Other http://sourceforge.net/tracker/index.php?func=detail&aid=1265740&group_id=23067&atid=377408 http://sourceforge.net/tracker/index.php?func=detail&aid=1240880&group_id=23067&atid=377408 http://secunia.com/advisories/16605 http://www.debian.org/security/2005/dsa-880 http://secunia.com/advisories/17337 http://www.novell.com/linux/security/advisories/2005_28_sr.html http://secunia.com/advisories/17559 http://www.novell.com/linux/security/advisories/2005_66_phpmyadmin.html http://secunia.com/advisories/17607 https://nvd.nist.gov https://www.exploit-db.com/exploits/26199/https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2023-0799.html

CVE-2005-2869

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect