Published: 02/12/2010 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x prior to 2.11.11.1 and 3.x prior to 3.3.8.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpmyadmin phpmyadmin 3.0.1.1
phpmyadmin phpmyadmin 3.2.1
phpmyadmin phpmyadmin 2.11.1.2
phpmyadmin phpmyadmin 3.1.4
phpmyadmin phpmyadmin 3.1.3
phpmyadmin phpmyadmin 2.11.5.1
phpmyadmin phpmyadmin 2.11.5.0
phpmyadmin phpmyadmin 3.2.0
phpmyadmin phpmyadmin 3.1.2
phpmyadmin phpmyadmin 2.11.9.0
phpmyadmin phpmyadmin 3.1.0
phpmyadmin phpmyadmin 2.11.9.1
phpmyadmin phpmyadmin 3.3.3.0
phpmyadmin phpmyadmin 3.0.0
phpmyadmin phpmyadmin 3.3.4.0
phpmyadmin phpmyadmin 2.11.5.2
phpmyadmin phpmyadmin 2.11.2.2
phpmyadmin phpmyadmin 2.11.8.0
phpmyadmin phpmyadmin 3.3.1.0
phpmyadmin phpmyadmin 3.3.7
phpmyadmin phpmyadmin 2.11.11
phpmyadmin phpmyadmin 2.11.4.0
phpmyadmin phpmyadmin 3.1.5
phpmyadmin phpmyadmin 2.11.2.1
phpmyadmin phpmyadmin 3.1.1
phpmyadmin phpmyadmin 3.3.5.0
phpmyadmin phpmyadmin 2.11.9.5
phpmyadmin phpmyadmin 2.11.10.0
phpmyadmin phpmyadmin 2.11.6.0
phpmyadmin phpmyadmin 3.3.0.0
phpmyadmin phpmyadmin 3.3.6
phpmyadmin phpmyadmin 3.3.2.0
phpmyadmin phpmyadmin 2.11.7.0
phpmyadmin phpmyadmin 2.11.9.6
phpmyadmin phpmyadmin 3.1.3.2
phpmyadmin phpmyadmin 2.11.2.0
phpmyadmin phpmyadmin 2.11.9.2
phpmyadmin phpmyadmin 2.11.9.3
phpmyadmin phpmyadmin 3.3.5.1
phpmyadmin phpmyadmin 2.11.1.1
phpmyadmin phpmyadmin 3.0.1
phpmyadmin phpmyadmin 2.11.9.4
phpmyadmin phpmyadmin 3.1.3.1
phpmyadmin phpmyadmin 2.11.7.1
phpmyadmin phpmyadmin 2.11.3.0
phpmyadmin phpmyadmin 3.3.8
phpmyadmin phpmyadmin 3.2.2
phpmyadmin phpmyadmin 2.11.1.0
phpmyadmin phpmyadmin 2.11.0
phpmyadmin phpmyadmin 2.11.10.1

Debian Bug report logs - #608290 CVE-2010-4480 CVE-2010-4481 Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debianorg>; Source for phpmyadmin is src:phpmyadmin (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <iuculano@debianorg> Date: Wed, 29 Dec 2010 17:51:01 UTC Severity: serious T ...

CWE-79 http://www.vupen.com/english/advisories/2010/3082 http://www.securityfocus.com/bid/45100 http://secunia.com/advisories/42408 http://www.osvdb.org/69516 http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php http://www.mandriva.com/security/advisories?name=MDVSA-2010:244 http://www.vupen.com/english/advisories/2010/3087 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051942.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051956.html http://www.vupen.com/english/advisories/2010/3158 http://secunia.com/advisories/42477 http://www.debian.org/security/2010/dsa-2139 http://www.vupen.com/english/advisories/2011/0001 http://secunia.com/advisories/42725 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=e1f4901ffc400b6d2df15eac0ba5015fe48a27c4 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=4341818d73d454451f024950a4ce0141608ac7f8 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608290 https://nvd.nist.gov

CVE-2010-4329

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect