CVE-2018-12581

MEDIUM

phpMyAdmin <4.8.2 - XSS

Title source: llm

Description

An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/104530

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1041187

[Patch, Vendor Advisory] https://www.phpmyadmin.net/security/PMASA-2018-3/

Scores

CVSS v3 6.1

EPSS 0.0062

EPSS Percentile 69.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

phpmyadmin/phpmyadmin < 4.8.2

phpmyadmin/phpmyadmin < 4.8.2Packagist

Timeline

Published Jun 21, 2018

Tracked Since Feb 18, 2026