Fluid Attacks Database

Description

phpMyAdmin multiple cross-site scripting vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	phpmyadmin/phpmyadmin	>=3.5 <3.5.3	3.5.3

Aliases

1. CVE-2012-53392. NVD-2012-53393. OSV-2012-53394. GCVE-2012-5339

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d6112. https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb1863. https://web.archive.org/web/20121020000514/http://www.securityfocus.com/bid/559254. http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html5. http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.