CVE-2009-1150

phpMyAdmin 2.11.x < 2.11.9.5 and 3.x < 3.1.3.1 - Cross-Site Scripting via pma_db_filename_template Cookie

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.

References (11)

Core 11
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200906-03.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34251
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34642
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1824
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:115
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34430
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35635
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35585

Scores

EPSS 0.0075
EPSS Percentile 73.4%

Details

CWE
CWE-79
Status published
Products (31)
phpmyadmin/phpmyadmin 2.11.0 (3 CPE variants)
phpmyadmin/phpmyadmin 2.11.1 (2 CPE variants)
phpmyadmin/phpmyadmin 2.11.1.0
phpmyadmin/phpmyadmin 2.11.1.1
phpmyadmin/phpmyadmin 2.11.1.2
phpmyadmin/phpmyadmin 2.11.2
phpmyadmin/phpmyadmin 2.11.2.0
phpmyadmin/phpmyadmin 2.11.2.1
phpmyadmin/phpmyadmin 2.11.2.2
phpmyadmin/phpmyadmin 2.11.3 (2 CPE variants)
... and 21 more
Published Mar 26, 2009
Tracked Since Feb 18, 2026