Fluid Attacks Database

Description

phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	phpmyadmin/phpmyadmin	>=3.5 <3.5.8.2	3.5.8.2
debian 12	phpmyadmin	>=0 <4:4.0.4.2-1	4:4.0.4.2-1
debian 11	phpmyadmin	>=0 <4:4.0.4.2-1	4:4.0.4.2-1
debian 13	phpmyadmin	>=0 <4:4.0.4.2-1	4:4.0.4.2-1

Aliases

1. CVE-2013-49972. NVD-2013-49973. OSV-2013-49974. OSV-DEBIAN-2013-49975. GCVE-2013-49976. SECURITY-TRACKER-CVE-2013-4997

References

1. http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.