Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpmyadmin | Phpmyadmin | 2.5.0 |
| Gentoo | Linux | 1.4 |
References
- http://www.netvigilance.com/html/advisory0005.htm (Exploit, Vendor Advisory)
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18158
FAQ
What is CVE-2004-1055?
CVE-2004-1055 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero...
How severe is CVE-2004-1055?
CVE-2004-1055 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1055?
Check the references section above for vendor advisories and patch information. Affected products include: Phpmyadmin Phpmyadmin, Gentoo Linux.