CVE-2011-4780
phpMyAdmin 3.4.x < 3.4.9 - Cross-Site Scripting via Export Panel URL Parameters
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51226
Product x_refsource_confirm
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=bd3735ba584e7a49aee78813845245354b061f61
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:198
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html
Patch, Vendor Advisory x_refsource_confirm
http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php
Scores
EPSS
0.0047
EPSS Percentile
65.1%
Details
CWE
CWE-79
Status
published
Products (11)
phpmyadmin/phpmyadmin
3.4.0.0
phpmyadmin/phpmyadmin
3.4.1.0
phpmyadmin/phpmyadmin
3.4.2.0
phpmyadmin/phpmyadmin
3.4.3.0
phpmyadmin/phpmyadmin
3.4.3.1
phpmyadmin/phpmyadmin
3.4.3.2
phpmyadmin/phpmyadmin
3.4.4.0
phpmyadmin/phpmyadmin
3.4.5.0
phpmyadmin/phpmyadmin
3.4.6.0
phpmyadmin/phpmyadmin
3.4.7.0
... and 1 more
Published
Dec 22, 2011
Tracked Since
Feb 18, 2026