CVE-2013-4996

Published Jul 31, 2013

Last updated 8 years ago

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2577DB75-9893-4496-B9B8-22F4D7C70D8B"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BBC76AB-567B-4081-8520-D4BB2211CA91"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDFD7186-12C3-4FA6-951E-288063262EAE"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4E23EA5-8FD8-441A-8CB6-F1E77AA0D73B"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5FE1328-F2E1-45C8-80ED-0560DAB666EE"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC675B47-0373-442E-9BCD-35D79355073C"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96E2C613-B1E9-4DB5-AA7D-165E5093452F"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B0E7188-E3DE-4A9C-9B9B-31E7276F74AF"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E6D5B72-CA57-4054-B002-56C03856D740"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71325EEA-441A-4D04-85E1-B7627C15ECE8"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.7:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE098CE1-0FA0-48C0-8F9F-CC9150E96C40"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6CBB65B-F6F8-4B5C-9782-4ECCEAB756E5"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.8:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56245F7F-C483-42C1-9D30-AA39C3441591"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "022DB5CB-E815-484A-BA40-2267E864D825"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F06DC95-76B1-4E24-A55F-1358A25ED0E5"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B406A721-0075-46C8-A920-3C9602AD667B"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8AE4653-1911-4A58-85DD-51E0578E788E"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CA76CB4-6167-446A-8D4F-6D5B38046334"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8D28655-7F37-474D-A4E2-772AF24B94E7"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FA1951E-BD85-42BF-BF7F-79A14D165914"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D08BEE8-5ACF-438D-9F06-86C6227C9A5F"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58DD0910-DBBA-4858-B9B1-FA93D08323D0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References