Published: 24/11/2005 Updated: 19/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin prior to 2.6.4-pl4 allow remote malicious users to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpmyadmin phpmyadmin 2.5.4
phpmyadmin phpmyadmin 2.5.5_pl1
phpmyadmin phpmyadmin 2.6.4_pl3
phpmyadmin phpmyadmin 2.5.6_rc2
phpmyadmin phpmyadmin 2.5.7_pl1
phpmyadmin phpmyadmin 2.5.2_pl1
phpmyadmin phpmyadmin 2.5.3
phpmyadmin phpmyadmin 2.6.2_pl1
phpmyadmin phpmyadmin 2.6.3_pl1
phpmyadmin phpmyadmin 2.2.0
phpmyadmin phpmyadmin 2.2.7_pl1
phpmyadmin phpmyadmin 2.6.0_pl3
phpmyadmin phpmyadmin 2.6.1_pl3

Debian Bug report logs - #368082 phpmyadmin: CVE-2006-2417 and CVE-2006-2418: XSS Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debianorg>; Source for phpmyadmin is src:phpmyadmin (PTS, buildd, popcon) Reported by: Alec Berryman <alec@thenednet> Date: Fri, 19 May 2006 18:48:05 UTC Severi ...

Debian Bug report logs - #339437 HTTP Response Splitting vulnerability Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debianorg>; Source for phpmyadmin is src:phpmyadmin (PTS, buildd, popcon) Reported by: Michal Čihař <michal@ciharcom> Date: Wed, 16 Nov 2005 10:33:02 UTC Severity: grave ...

Debian Bug report logs - #360726 (CVE-2005-3787): PHPMyAdmin Multiple Cross-Site Scripting Vulnerabilities Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debianorg>; Source for phpmyadmin is src:phpmyadmin (PTS, buildd, popcon) Reported by: Stephen Gran <sgran@debianorg> Date: Tue, 4 Apr ...

Debian Bug report logs - #362567 CVE-2006-1678: Multiple cross-site scripting (XSS) vulnerabilities Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debianorg>; Source for phpmyadmin is src:phpmyadmin (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritschde> Date: Fri, 14 Apr 2006 09 ...

Debian Bug report logs - #340438 CVE-2005-3665: Cross-site scripting by trusting potentially user-supplied input Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debianorg>; Source for phpmyadmin is src:phpmyadmin (PTS, buildd, popcon) Reported by: Piotr Roszatycki <Piotr_Roszatycki@netianetpl& ...

NVD-CWE-Other http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-7 http://secunia.com/advisories/18618 http://secunia.com/advisories/17578 http://www.securityfocus.com/bid/16389 http://www.securityfocus.com/archive/1/423142/100/0/threaded https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368082

CVE-2005-3787

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect