Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name.
2011-08-29T17:55:01.033
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | phpmyadmin | phpmyadmin | 3.3.0.0 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.1.0 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.2.0 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.3.0 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.4.0 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.5.0 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.5.1 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.6 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.7 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.8 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.8.1 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.9.0 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.9.1 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.9.2 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.10.0 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.10.1 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.10.2 | Yes |
Application | phpmyadmin | phpmyadmin | 3.3.10.3 | Yes |
Application | phpmyadmin | phpmyadmin | 3.4.0.0 | Yes |
Application | phpmyadmin | phpmyadmin | 3.4.1.0 | Yes |
Application | phpmyadmin | phpmyadmin | 3.4.2.0 | Yes |
Application | phpmyadmin | phpmyadmin | 3.4.3.0 | Yes |
Application | phpmyadmin | phpmyadmin | 3.4.3.1 | Yes |
Application | phpmyadmin | phpmyadmin | 3.4.3.2 | Yes |