Phpmyadmin : Security Vulnerabilities, CVEs, Published In 2008 (XSS) CVSS score >= 2
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.
Max CVSS
2.6
EPSS Score
0.80%
Published
2008-10-28
Updated
2018-10-11
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.
Max CVSS
4.3
EPSS Score
0.42%
Published
2008-09-30
Updated
2011-03-08
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.
Max CVSS
2.6
EPSS Score
0.41%
Published
2008-08-04
Updated
2017-08-08
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.
Max CVSS
2.6
EPSS Score
0.43%
Published
2008-07-02
Updated
2017-08-08
4 vulnerabilities found