VDB
CVE-2011-3592
CVE-2011-3592
PUBLISHED
CVSS 3.5 LOW
Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation.
EPSS 0.18% · 39.4th percentile
Risk Scores
CVSS 2.0
3.5
EPSS Score
0.18%
39.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| phpmyadmin | phpmyadmin | 3.4.0.0, 3.4.2.0, 3.4.3.0 |
| phpmyadmin | phpmyadmin | 3.4.0 |
Timeline
- Dec 26, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- https://github.com/phpmyadmin/phpmyadmin/commit/2f28ce9c800274190418da0945ce3647d36e1db6 url
- [oss-security] 20110930 Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14) mailing-list
- http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php url
- https://bugzilla.redhat.com/show_bug.cgi?id=738681 url
- https://nvd.nist.gov/vuln/detail/CVE-2011-3592 advisory
- https://github.com/phpmyadmin/phpmyadmin/commit/bda213c58aec44925be661acb0e76c19483ea170 url
- https://github.com/phpmyadmin/composer package