Vulnerability Details : CVE-2012-1600
Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2012-1600
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:phppgadmin_project:phppgadmin:*:*:*:*:*:*:*:*
- cpe:2.3:a:phppgadmin_project:phppgadmin:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:phppgadmin_project:phppgadmin:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:phppgadmin_project:phppgadmin:5.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-1600
0.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 66 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-1600
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2012-1600
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1600
-
https://bugzilla.redhat.com/show_bug.cgi?id=808439
808439 – (CVE-2012-1600) CVE-2012-1600 phpPgAdmin: XSS by displaying default list of functions in the database
-
http://sourceforge.net/p/phppgadmin/mailman/message/28783470/
phpPgAdmin / [ppa-dev] XSS in functions.php (listing functions)
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/74440
phpPgAdmin function.php cross-site scripting CVE-2012-1600 Vulnerability Report
-
http://www.openwall.com/lists/oss-security/2012/03/30/7
oss-security - Re: CVE request: phppgadmin before 5.0.4 XSS
-
http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html
openSUSE-SU-2012:0493-1: update to 5.0.4, fix for bnc#754694 (CVE-2012-1
-
http://www.securityfocus.com/bid/52761
phpPgAdmin 'function.php' Cross Site Scripting Vulnerability
-
https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00
Fix XSS in function.php, reported by Mateusz Goik. · phppgadmin/phppgadmin@74174ad · GitHub
-
http://www.postgresql.org/message-id/4F6B447C.6080204%40dalibo.com
PostgreSQL: phpPgAdmin 5.0.4 released !
-
http://www.openwall.com/lists/oss-security/2012/03/29/6
oss-security - Re: CVE request: phppgadmin before 5.0.4 XSS
-
http://www.openwall.com/lists/oss-security/2012/03/28/11
oss-security - CVE request: phppgadmin before 5.0.4 XSS
-
https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0
Release 5.0.4 · phppgadmin/phppgadmin@e92a003 · GitHub
Jump to