Fluid Attacks Database

Description

phpMyAdmin XSS when checking tables An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	phpmyadmin	=4:5.0.4+dfsg2-2 \|\| =4:5.0.4+dfsg2-2+deb11u1 \|\| >=0 <4:5.0.4+dfsg2-2+deb11u2	4:5.0.4+dfsg2-2+deb11u2
debian 12	phpmyadmin	=4:5.2.1+dfsg-1 \|\| >=0 <4:5.2.1+dfsg-1+deb12u1	4:5.2.1+dfsg-1+deb12u1
debian 13	phpmyadmin	>=0 <4:5.2.2-really5.2.2+20250121+dfsg-1	4:5.2.2-really5.2.2+20250121+dfsg-1
packagist	phpmyadmin/phpmyadmin	>=5.0.0 <5.2.2	5.2.2

Aliases

1. CVE-2025-245302. NVD-2025-245303. OSV-DEBIAN-2025-245304. OSV-2025-245305. GCVE-2025-245306. SECURITY-TRACKER-CVE-2025-245307. lists.debian.org

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a72. https://www.phpmyadmin.net/security/PMASA-2025-1