CVE-2006-2417
phpMyAdmin 2.8.0.x < 2.8.0.4 - Cross-Site Scripting via Theme Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.
References (7)
Core 7
Core References
Various Sources vendor-advisory
x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20627
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26444
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17973
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1794
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20113
Patch, Vendor Advisory x_refsource_confirm
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2
Scores
EPSS
0.0058
EPSS Percentile
69.1%
Details
CWE
CWE-79
Status
published
Products (3)
phpmyadmin/phpmyadmin
2.8.0.1
phpmyadmin/phpmyadmin
2.8.0.2
phpmyadmin/phpmyadmin
2.8.0.3
Published
May 16, 2006
Tracked Since
Feb 18, 2026