Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5368

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-5368
Last Modified 25 Jan 2013 11:58:13
Published 25 Oct 2012 06:51:29
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5368

Summary

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.

Vulnerable Systems

Application

  • Phpmyadmin 3.5.0.0

  • Phpmyadmin 3.5.1.0

  • Phpmyadmin 3.5.2.0

  • Phpmyadmin 3.5.2.1

  • Phpmyadmin 3.5.2.2


References

CONFIRM - https://github.com/phpmyadmin/phpmyadmin/commit/a547f3d3e2cf36c6a904fa3e053fd8bddd3fbbb0

CONFIRM - https://github.com/phpmyadmin/phpmyadmin/commit/50edafc0884aa15d0a1aa178089ac6a1ad2eb18a

CONFIRM - http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php

SUSE - openSUSE-SU-2012:1507

BID - 55939


Last Updated: 27 May 2016 11:01:26