GHSA-r3pq-mp8v-cp33

Suggest an improvement
Source
https://github.com/advisories/GHSA-r3pq-mp8v-cp33
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r3pq-mp8v-cp33/GHSA-r3pq-mp8v-cp33.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-r3pq-mp8v-cp33
Aliases
Published
2022-05-17T05:12:26Z
Modified
2023-11-01T04:44:49.092282Z
Summary
phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page
Details

Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.

Database specific
{
    "nvd_published_at": "2012-08-21T23:55:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-29T21:41:11Z"
}
References

Affected packages

Packagist / phpmyadmin/phpmyadmin

Package

Name
phpmyadmin/phpmyadmin
Purl
pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.4
Fixed
3.4.11.1

Packagist / phpmyadmin/phpmyadmin

Package

Name
phpmyadmin/phpmyadmin
Purl
pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.5
Fixed
3.5.2.2