CVE-2011-4780

{"id": "CVE-2011-4780", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-12-22T20:55:00.983", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html", "source": "cve@mitre.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html", "source": "cve@mitre.org"}, {"url": "http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=bd3735ba584e7a49aee78813845245354b061f61", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:198", "source": "cve@mitre.org"}, {"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/51226", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en libraries/display_export.lib.php en phpMyAdmin v3.4.x antes de v3.4.9, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de un los siguientes par\u00e1metros de URL modificados (1) server, (2) database, y(3) table sections,"}], "lastModified": "2023-11-07T02:09:36.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C714361-7AE3-4DC2-994C-7C67B41226B0"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A3CED16-3ECE-49F6-A52B-0222B14DBC88"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4938BCE-1365-469A-B714-A5D9C451FA20"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35F46942-E054-43E4-9543-E126738845E2"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1A24EBE-D760-4251-972E-86B71EC8A07D"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AC8F001-B2D6-49AD-94E7-673E8BEC958C"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE9EFA08-1838-46A9-A851-A0540C60739D"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B231B0D4-F971-4D4F-97CE-74951DF2B681"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF6604AE-12E8-43F8-9170-557009F34928"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD67845D-C1AD-46EF-A2EF-6C979E3363BF"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6044293D-28C5-4B35-B046-E8984A2AA029"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}