CVE-2013-3742
phpMyAdmin 4.x < 4.0.3 - Authenticated Cross-Site Scripting via Create View Error Message
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.
References (2)
Core 2
Core References
Patch x_refsource_confirm
https://github.com/phpmyadmin/phpmyadmin/commit/9b3551601ce714adb5e3f428476052f0ec6093bf
Vendor Advisory x_refsource_confirm
http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php
Scores
EPSS
0.0019
EPSS Percentile
39.8%
Details
CWE
CWE-79
Status
published
Products (3)
phpmyadmin/phpmyadmin
4.0.0 (3 CPE variants)
phpmyadmin/phpmyadmin
4.0.1
phpmyadmin/phpmyadmin
4.0.2
Published
Jul 04, 2013
Tracked Since
Feb 18, 2026