CVE-2011-4780

Phpmyadmin - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.

References (6)

[Product] http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=bd3735ba584e7a49aee78813845245354b061f61

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2011:198

[Patch, Vendor Advisory] http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/51226

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html

Scores

EPSS 0.0047

EPSS Percentile 64.6%

Classification

CWE

CWE-79

Status published

Affected Products (12)

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

phpmyadmin/phpmyadmin

n/a/n/a

Timeline

Published Dec 22, 2011

Tracked Since Feb 18, 2026