CVE-2013-5001
phpMyAdmin 4.0.x < 4.0.4.2 - Authenticated Cross-Site Scripting via TextLinkTransformationPlugin
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php
Scores
EPSS
0.0019
EPSS Percentile
39.8%
Details
CWE
CWE-79
Status
published
Products (6)
phpmyadmin/phpmyadmin
4.0.0 (3 CPE variants)
phpmyadmin/phpmyadmin
4.0.1
phpmyadmin/phpmyadmin
4.0.2
phpmyadmin/phpmyadmin
4.0.3
phpmyadmin/phpmyadmin
4.0.4
phpmyadmin/phpmyadmin
4.0.4.1
Published
Jul 31, 2013
Tracked Since
Feb 18, 2026