Published: 07/03/2019 Updated: 08/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in PHPMyWind 5.5. The method parameter of the data/api/oauth/connect.php page has a reflected Cross-site Scripting (XSS) vulnerability.

Vulnerability Trend

Affected Products

Vendor Product Versions

Github Repositories

This our note

Architecture These exploit of CVEs is together with my colleagues CVE ID Attack Vector Product Reference CVE-2019-7748 Broken Authentication DbNinja [1][2] CVE-2019-7747 Broken Authentication DbNinja [1][2] CVE-2019-7731 Remote Code Execution (RCE) MyWebSQL [1][2] CVE-2019-7730 Cross-site request forgery (CSRF) MyWebSQL [1][2] CVE-2019-7661 (Wait for Published)