Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1055

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2004-1055
Last Modified 10 Sep 2008 03:28:52
Published 01 Mar 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-1055

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.

Vulnerable Systems

Operating System

  • Gentoo Linux 1.4

Application

  • Phpmyadmin 2.5.0

  • Phpmyadmin 2.5.1

  • Phpmyadmin 2.5.2

  • Phpmyadmin 2.5.4

  • Phpmyadmin 2.5.5

  • Phpmyadmin 2.5.5 Pl1

  • Phpmyadmin 2.5.5 Rc1

  • Phpmyadmin 2.5.5 Rc2

  • Phpmyadmin 2.5.6 Rc1

  • Phpmyadmin 2.5.7

  • Phpmyadmin 2.5.7 Pl1

  • Phpmyadmin 2.6.0 Pl1

  • Phpmyadmin 2.6.0 Pl2


References

XF - phpmyadmin-multiple-xss(18158)

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3

MISC - http://www.netvigilance.com/html/advisory0005.htm


Last Updated: 27 May 2016 10:38:52