[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-3598Date: (C)2011-10-07   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-46248
SECUNIA-46426
BID-49914
OSVDB-75997
OSVDB-75998
FEDORA-2011-13748
FEDORA-2011-13801
FEDORA-2011-13805
http://www.openwall.com/lists/oss-security/2011/10/04/1
http://www.openwall.com/lists/oss-security/2011/10/04/10
http://sourceforge.net/mailarchive/forum.php?thread_name=4E897F6C.90905%40free.fr&forum_name=phppgadmin-news
http://freshmeat.net/projects/phppgadmin/releases/336969
https://bugs.gentoo.org/show_bug.cgi?id=385505
https://bugzilla.redhat.com/show_bug.cgi?id=743205
https://github.com/phppgadmin/phppgadmin/commit/1df248203de055f97e092b50b1dd9643ccb73842
openSUSE-SU-2012:0493

CWE    1
CWE-79
OVAL    2
oval:org.secpod.oval:def:103181
oval:org.secpod.oval:def:103038

© SecPod Technologies