- Description: Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.
- Source: cve@mitre.org
- NVD status: Modified

CVSS 3.0
- Type: Primary
- Base score: 6.1
- Impact score: 2.7
- Exploitability score: 2.8
- Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM

CVSS 2.0
- Type: Primary
- Base score: 4.3
- Impact score: 2.9
- Exploitability score: 8.6
- Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

- nvd@nist.gov: CWE-79
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C641F362-D37D-47CB-BE6C-36E5F116F844"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0EA8819-70F8-48DC-8667-6CF25E7D9C53"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD2796DA-3E74-4765-90D1-783849C7A44C"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4024DA77-BFE4-48C6-A2AF-46003071BDE8"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85631B69-7060-42D1-AE24-466BA10EB390"
          },
          {
            "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E62EDC79-47AA-4CED-AB7F-1E4D158EB653"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]