Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5339

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2012-5339
Last Modified 25 Jan 2013 11:58:10
Published 25 Oct 2012 06:51:28
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-5339

Summary

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.

Vulnerable Systems

Application

  • Phpmyadmin 3.5.0.0

  • Phpmyadmin 3.5.1.0

  • Phpmyadmin 3.5.2.0

  • Phpmyadmin 3.5.2.1

  • Phpmyadmin 3.5.2.2


References

CONFIRM - https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186

CONFIRM - https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611

CONFIRM - http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php

SUSE - openSUSE-SU-2012:1507

BID - 55925


Last Updated: 27 May 2016 11:01:26