Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.
References
Link | Resource |
---|---|
http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php | Vendor Advisory |
http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php - Vendor Advisory |
Information
Published : 2013-07-31 13:20
Updated : 2024-11-21 01:56
NVD link : CVE-2013-4997
Mitre link : CVE-2013-4997
CVE.ORG link : CVE-2013-4997
JSON object : View
Products Affected
phpmyadmin
- phpmyadmin
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')