Vulnerability Description
Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpmyadmin | Phpmyadmin | 2.11.0 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051942.h
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051956.h
- http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba
- http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba
- http://secunia.com/advisories/42408Vendor Advisory
- http://secunia.com/advisories/42477
- http://secunia.com/advisories/42725
- http://www.debian.org/security/2010/dsa-2139
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:244
- http://www.osvdb.org/69516
- http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.phpPatch
- http://www.securityfocus.com/bid/45100
- http://www.vupen.com/english/advisories/2010/3082Vendor Advisory
- http://www.vupen.com/english/advisories/2010/3087
- http://www.vupen.com/english/advisories/2010/3158
FAQ
What is CVE-2010-4329?
CVE-2010-4329 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 al...
How severe is CVE-2010-4329?
CVE-2010-4329 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-4329?
Check the references section above for vendor advisories and patch information. Affected products include: Phpmyadmin Phpmyadmin.