Fluid Attacks Database

Description

phpMyAdmin XSS Vulnerability An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	phpmyadmin/phpmyadmin	>=0 <4.8.2	4.8.2
debian 13	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2
debian 11	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2
debian 12	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2

Aliases

1. CVE-2018-125812. NVD-2018-125813. OSV-2018-125814. OSV-DEBIAN-2018-125815. GCVE-2018-125816. SECURITY-TRACKER-CVE-2018-12581

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e2. https://web.archive.org/web/20210124181711/http://www.securityfocus.com/bid/1045303. https://web.archive.org/web/20210413204012/http://www.securitytracker.com/id/10411874. https://www.phpmyadmin.net/security/PMASA-2018-3