CVE-2013-4995

UNKNOWN

Cross-site scripting (XSS) vulnerability in phpMyAdmin 3

Published Jul 30, 2013

Modified 1 years ago

Details

Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information.

References

ADVISORYhttp://secunia.com/advisories/59832 WEBhttp://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php WEBhttp://www.securityfocus.com/bid/61510 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2013-4995

CVSS Analysis

CVSS v2.0

3.5

Exploitability

Access Vector

NetworkAV:N

Access Complexity

MediumAC:M

Authentication

SingleAu:S

Impact

Confidentiality

NoneC:N

Integrity

PartialI:P

Availability

NoneA:N

3.5/AV:N/AC:M/Au:S/C:N/I:P/A:N

Ecosystems

Timeline

PublishedJul 30, 2013

ModifiedAug 6, 2024