Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2011-3598
Last Modified: 15 May 2014 11:56:11
Published: 07 Oct 2011 10:52:52
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-3598

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.

Vulnerable Systems

Application

  • Phppgadmin 2.2

  • Phppgadmin 2.2.1

  • Phppgadmin 3.1

  • Phppgadmin 3.2

  • Phppgadmin 3.3

  • Phppgadmin 3.4

  • Phppgadmin 3.4.1

  • Phppgadmin 3.5

  • Phppgadmin 3.5.2

  • Phppgadmin 3.5.3

  • Phppgadmin 4.1.1

  • Phppgadmin 4.2.1

  • Phppgadmin 4.2.2

  • Phppgadmin 4.2.3

  • Phppgadmin 5.0.0

  • Phppgadmin 5.0.1

  • Phppgadmin 5.0.2


References

CONFIRM - https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=743205

MLIST - [oss-security] 20111004 Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3

MLIST - [oss-security] 20111004 CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3

MLIST - [phppgadmin-news] 20111003 [ppa-news] phpPgAdmin 5.0.3 released

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=385505

BID - 49914

SECUNIA - 46426

SECUNIA - 46248

OSVDB - 75998

OSVDB - 75997

FEDORA - FEDORA-2011-13748

FEDORA - FEDORA-2011-13801

FEDORA - FEDORA-2011-13805

CONFIRM - http://freshmeat.net/projects/phppgadmin/releases/336969

SUSE - openSUSE-SU-2012:0493


Last Updated: 27 May 2016 11:05:17