GHSA-5gh4-v2ch-pcx4

Suggest an improvement
Source
https://github.com/advisories/GHSA-5gh4-v2ch-pcx4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5gh4-v2ch-pcx4/GHSA-5gh4-v2ch-pcx4.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-5gh4-v2ch-pcx4
Aliases
Published
2022-05-17T05:07:14Z
Modified
2023-11-01T04:45:15.966210Z
Summary
phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities
Details

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.

Database specific 
{
    "nvd_published_at": "2013-07-31T13:20:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed_at": "2023-08-29T18:27:59Z",
    "github_reviewed": true
}
References

Affected packages

Packagist / phpmyadmin/phpmyadmin

Package

Name
phpmyadmin/phpmyadmin
Purl
pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.5
Fixed
3.5.8.2