CVE-2012-5339
phpMyAdmin 3.5.x < 3.5.3 - Authenticated Cross-Site Scripting via Event, Procedure, or Trigger Name
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.
References (5)
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/55925
Patch x_refsource_confirm
https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html
Patch x_refsource_confirm
https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186
Patch, Vendor Advisory x_refsource_confirm
http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php
Scores
EPSS
0.0021
EPSS Percentile
43.0%
Details
CWE
CWE-79
Status
published
Products (6)
phpmyadmin/phpmyadmin
3.5.0.0
phpmyadmin/phpmyadmin
3.5.1.0
phpmyadmin/phpmyadmin
3.5.2.0
phpmyadmin/phpmyadmin
3.5.2.1
phpmyadmin/phpmyadmin
3.5.2.2
phpmyadmin/phpmyadmin
3.5 - 3.5.3 (Packagist)
Published
Oct 25, 2012
Tracked Since
Feb 18, 2026