DescriptionMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 184.108.40.206 and 4.0.x before 220.127.116.11 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA phpMyAdmin-18.104.22.168-1.1
SUSE Timeline for this CVECVE page created: Wed Jul 31 17:15:31 2013
CVE page last modified: Fri Oct 7 12:46:35 2022