CVE-2012-4345
phpMyAdmin 3.4.x < 3.4.11.1 and 3.5.x < 3.5.2.2 - Authenticated Cross-Site Scripting via Crafted Table Name
Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.
References (3)
Core References (3):
  Patch, Vendor Advisory (x_refsource_confirm): http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php
  Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2012:136
  Various Sources (vendor-advisory, x_refsource_suse): https://hermes.opensuse.org/messages/15513071
Scores
  EPSS: 0.0021
  EPSS Percentile: 43.1%
Details
  CWE: CWE-79
  Status: published
Products (22)
  phpmyadmin/phpmyadmin 3.4.0.0
  phpmyadmin/phpmyadmin 3.4.1.0
  phpmyadmin/phpmyadmin 3.4.2.0
  phpmyadmin/phpmyadmin 3.4.3.0
  phpmyadmin/phpmyadmin 3.4.3.1
  phpmyadmin/phpmyadmin 3.4.3.2
  phpmyadmin/phpmyadmin 3.4.4.0
  phpmyadmin/phpmyadmin 3.4.5.0
  phpmyadmin/phpmyadmin 3.4.6.0
  phpmyadmin/phpmyadmin 3.4.7.0
  ... and 12 more
Published: Aug 21, 2012
Tracked Since: Feb 18, 2026