CVE-2010-4480

Published: 08/12/2010 Updated: 28/01/2011
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

error.php in phpMyAdmin 3.3.8.1, and other versions prior to 3.4.0-beta1, allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".

Vulnerable Product

phpmyadmin phpmyadmin 3.3.9.0

phpmyadmin phpmyadmin 3.3.8.1

Vendor Advisories

Debian Bug report logs - #608290 CVE-2010-4480 CVE-2010-4481
Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <thijs@debian.org>; Source for phpmyadmin is src:phpmyadmin (PTS, buildd, popcon)
Reported by: Giuseppe Iuculano <iuculano@debian.org>
Date: Wed, 29 Dec 2010 17:51:01 UTC
Severity: serious T ...

Exploits

PhpMyAdmin Client Side 0Day Code Injection and Redirect Link Falsification
Credits: Emanuele 'emgent' Gentili <emgent@backtrack-linux.org>, Marco 'white_sheep' Rondini <white_sheep@backtrack-linux.org>, Alessandro 'scox' Scoscia <scox@backtrack.it>
In error.php, PhpMyAdmin permits to insert text and restricted tag, like ...