FLAT-8AP6N – Vulnerability | Fluid Attacks Database

Database

Description

phpMyAdmin Cross-site Scripting (XSS) phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	phpmyadmin	>=0 <4:4.9.7+dfsg1-1	4:4.9.7+dfsg1-1
packagist	phpmyadmin/phpmyadmin	>=4.9.0 <4.9.6 \|\| >=5.0.0 <5.0.3	4.9.6, 5.0.3
debian 12	phpmyadmin	>=0 <4:4.9.7+dfsg1-1	4:4.9.7+dfsg1-1
debian 11	phpmyadmin	>=0 <4:4.9.7+dfsg1-1	4:4.9.7+dfsg1-1

Aliases

1. CVE-2020-269342. NVD-2020-269343. OSV-DEBIAN-2020-269344. OSV-2020-269345. GCVE-2020-269346. SECURITY-TRACKER-CVE-2020-269347. lists.debian.org8. security.gentoo.org

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26934.yaml2. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K3. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO4. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ55. https://lists.fedoraproject.org/archives/list/[email protected]/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K6. https://lists.fedoraproject.org/archives/list/[email protected]/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO7. https://lists.fedoraproject.org/archives/list/[email protected]/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ58. https://www.phpmyadmin.net/security/PMASA-2020-59. http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html10. http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html