Vulnerability Name: | CVE-2004-1055 (CCN-18158) | ||||||||
Assigned: | 2004-11-19 | ||||||||
Published: | 2004-11-19 | ||||||||
Updated: | 2017-07-11 | ||||||||
Summary: | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser. | ||||||||
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2004-1055 Source: CCN Type: GLSA-200411-36 phpMyAdmin: Multiple XSS vulnerabilities Source: CCN Type: netVigilance Security Advisory 5 Multiple XSS Vulnerabilities in phpMyAdmin 2.6.0-pl2 and prior Source: MISC Type: Exploit, Vendor Advisory http://www.netvigilance.com/html/advisory0005.htm Source: CCN Type: OSVDB ID: 11930 phpMyAdmin config.inc.php PmaAbsoluteUri Parameter XSS Source: CCN Type: OSVDB ID: 11931 phpMyAdmin read_dump.php zero_rows Parameter XSS Source: CCN Type: OSVDB ID: 11932 phpMyAdmin Confirm Page Form Multiple Parameter XSS Source: CCN Type: OSVDB ID: 12238 phpMyAdmin Error Message XSS Source: CCN Type: phpMyAdmin Download Web page Downloads Source: CCN Type: phpMyAdmin security announcement PMASA-2004-3 Multiple XSS vulnerability were found in phpMyAdmin, that may allow an attacker to conduct Cross-site scripting (XSS) attacks. Source: CONFIRM Type: Exploit http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3 Source: CCN Type: BID-11707 PHPMyAdmin Multiple Remote Cross-Site Scripting Vulnerabilities Source: XF Type: UNKNOWN phpmyadmin-multiple-xss(18158) Source: XF Type: UNKNOWN phpmyadmin-multiple-xss(18158) Source: SUSE Type: SUSE-SR:2005:003 SUSE Security Summary Report | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |