CVE-2006-1678
phpMyAdmin < 2.8.0.3 - Cross-Site Scripting via Themes Directory
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.
References (10)
Core 10
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1207
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22781
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/24450
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25689
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17390
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19556
Patch x_refsource_confirm
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-1
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1263
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19897
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_04_28.html
Scores
EPSS
0.0103
EPSS Percentile
77.6%
Details
Status
published
Products (50)
phpmyadmin/phpmyadmin
2.0.0
phpmyadmin/phpmyadmin
2.0.1
phpmyadmin/phpmyadmin
2.0.2
phpmyadmin/phpmyadmin
2.0.3
phpmyadmin/phpmyadmin
2.0.4
phpmyadmin/phpmyadmin
2.0.5
phpmyadmin/phpmyadmin
2.1.0
phpmyadmin/phpmyadmin
2.1.1
phpmyadmin/phpmyadmin
2.1.2
phpmyadmin/phpmyadmin
2.2.0
... and 40 more
Published
Apr 11, 2006
Tracked Since
Feb 18, 2026