CVE-2010-4329

phpMyAdmin 2.11.x < 2.11.11.1 and 3.x < 3.3.8.1 - Cross-Site Scripting via PMA_linkOrButton Function

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.

References (16)

Core 16

Core References

Patch x_refsource_confirm

http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2010:244

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0001

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/45100

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051956.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2010/dsa-2139

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42477

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/3082

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051942.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/69516

Product x_refsource_confirm

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=e1f4901ffc400b6d2df15eac0ba5015fe48a27c4

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/3087

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/3158

Product x_refsource_confirm

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=4341818d73d454451f024950a4ce0141608ac7f8

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42725

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42408

Scores

EPSS 0.0072

EPSS Percentile 72.7%

Details

CWE

CWE-79

Status published

Products (38)

phpmyadmin/phpmyadmin 2.11.0

phpmyadmin/phpmyadmin 2.11.1.0

phpmyadmin/phpmyadmin 2.11.1.1

phpmyadmin/phpmyadmin 2.11.1.2

phpmyadmin/phpmyadmin 2.11.2.0

phpmyadmin/phpmyadmin 2.11.2.1

phpmyadmin/phpmyadmin 2.11.2.2

phpmyadmin/phpmyadmin 2.11.3.0

phpmyadmin/phpmyadmin 2.11.4.0

phpmyadmin/phpmyadmin 2.11.5.0

... and 28 more

Published Dec 02, 2010

Tracked Since Feb 18, 2026