Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-26934

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

Published

2020-10-10T19:15:12.307

Last Modified

2024-11-21T05:20:32.020

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application phpmyadmin phpmyadmin < 4.9.6 Yes
Application phpmyadmin phpmyadmin < 5.0.3 Yes
Application opensuse backports_sle 15.0 Yes
Application opensuse backports_sle 15.0 Yes
Application opensuse backports_sle 15.0 Yes
Operating System opensuse leap 15.1 Yes
Operating System opensuse leap 15.2 Yes
Operating System fedoraproject fedora 31 Yes
Operating System fedoraproject fedora 32 Yes
Operating System fedoraproject fedora 33 Yes
Operating System debian debian_linux 9.0 Yes
References