github - ghsa-2h23-c973-x63q

ghsa-2h23-c973-x63q

Vulnerability from github

Published

2022-05-17 01:51

Modified

2025-04-12 02:27

Severity ?

1.3 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

Summary

phpMyAdmin Cross-site Scripting vulnerability

Details

Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "phpmyadmin/phpmyadmin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.4.0"
            },
            {
              "fixed": "3.4.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2011-4782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-12T02:27:53Z",
    "nvd_published_at": "2011-12-22T20:55:00Z",
    "severity": "LOW"
  },
  "details": "Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.",
  "id": "GHSA-2h23-c973-x63q",
  "modified": "2025-04-12T02:27:53Z",
  "published": "2022-05-17T01:51:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4782"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71938"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/phpmyadmin/phpmyadmin"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html"
    },
    {
      "type": "WEB",
      "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0e707906e69ce90c4852a0fce2a0fac7db86a3cd"
    },
    {
      "type": "WEB",
      "url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=0e707906e69ce90c4852a0fce2a0fac7db86a3cd"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:198"
    },
    {
      "type": "WEB",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "phpMyAdmin Cross-site Scripting vulnerability"
}

CVE-2011-4782 (GCVE-0-2011-4782)

Vulnerability from cvelistv5

Published

2011-12-22 20:00

Modified

2024-08-07 00:16

Severity ?

CWE

Summary

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilities/71938	vdb-entry, x_refsource_XF
	http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=0e707906e69ce90c4852a0fce2a0fac7db86a3cd	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html	vendor-advisory, x_refsource_FEDORA
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:198	vendor-advisory, x_refsource_MANDRIVA
	http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html	vendor-advisory, x_refsource_FEDORA
	http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website