Cross-site Scripting (XSS) Affecting phpmyadmin package, versions <4:3.3.7-1
Threat Intelligence
EPSS
0.22% (61st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN8-PHPMYADMIN-417791
- published 10 Sep 2010
- disclosed 10 Sep 2010
Introduced: 10 Sep 2010
CVE-2010-3263 Open this link in a new tabHow to fix?
Upgrade Debian:8 phpmyadmin to version 4:3.3.7-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream phpmyadmin package and not the phpmyadmin package as distributed by Debian.
See How to fix? for Debian:8 relevant fixed versions and status.
Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name.
References
- https://security-tracker.debian.org/tracker/CVE-2010-3263
- http://www.phpmyadmin.net/home_page/security/PMASA-2010-7.php
- http://xforce.iss.net/xforce/xfdb/61675
- http://secunia.com/advisories/41210
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61675
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:186
CVSS Scores
version 3.1