CVE-2011-1940

phpMyAdmin <3.3.10.1-3.4.1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.

References (4)

[Product] http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287

[Product] http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492

[Patch, Vendor Advisory] http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php

[Third Party Advisory] http://www.debian.org/security/2012/dsa-2391

Scores

EPSS 0.0029

EPSS Percentile 51.6%

Classification

CWE

CWE-79

Status published

Affected Products (18)

phpmyadmin/phpmyadmin

... and 3 more

Timeline

Published Jan 26, 2012

Tracked Since Feb 18, 2026