CVE-2004-1055
phpMyAdmin <= 2.6.0-pl2 - Cross-Site Scripting via PmaAbsoluteUri Parameter
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18158
Exploit, Vendor Advisory x_refsource_misc
http://www.netvigilance.com/html/advisory0005.htm
Exploit x_refsource_confirm
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3
Scores
EPSS
0.0117
EPSS Percentile
78.9%
Details
Status
published
Products (14)
gentoo/linux
1.4 (4 CPE variants)
phpmyadmin/phpmyadmin
2.5.0
phpmyadmin/phpmyadmin
2.5.1
phpmyadmin/phpmyadmin
2.5.2
phpmyadmin/phpmyadmin
2.5.4
phpmyadmin/phpmyadmin
2.5.5
phpmyadmin/phpmyadmin
2.5.5_pl1
phpmyadmin/phpmyadmin
2.5.5_rc1
phpmyadmin/phpmyadmin
2.5.5_rc2
phpmyadmin/phpmyadmin
2.5.6_rc1
... and 4 more
Published
Mar 01, 2005
Tracked Since
Feb 18, 2026