CVE-2008-4326

phpMyAdmin < 2.11.9.2 - Cross-Site Scripting via NUL Byte Bypass

Title source: llm
STIX 2.1

Description

The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.

References (16)

Core 16
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1675
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2657
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/48511
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/09/22/2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33822
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000061.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32954
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31974
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN54824688/index.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31992

Scores

EPSS 0.0043
EPSS Percentile 62.4%

Details

CWE
CWE-79
Status published
Products (50)
phpmyadmin/phpmyadmin 2.0
phpmyadmin/phpmyadmin 2.0.0
phpmyadmin/phpmyadmin 2.0.1
phpmyadmin/phpmyadmin 2.0.2
phpmyadmin/phpmyadmin 2.0.3
phpmyadmin/phpmyadmin 2.0.4
phpmyadmin/phpmyadmin 2.0.5
phpmyadmin/phpmyadmin 2.1
phpmyadmin/phpmyadmin 2.1.0
phpmyadmin/phpmyadmin 2.1.1
... and 40 more
Published Sep 30, 2008
Tracked Since Feb 18, 2026