CVE-2004-1055

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.

Published: Mar 1, 2005
Updated: Apr 13, 2023
CVE: CVE-2004-1055
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phpmyadmin / phpmyadmin	2.5.0	2.5.0.x
phpmyadmin / phpmyadmin	2.5.5_rc1	2.5.5_rc1.x
phpmyadmin / phpmyadmin	2.5.7_pl1	2.5.7_pl1.x
phpmyadmin / phpmyadmin	2.5.5	2.5.5.x
phpmyadmin / phpmyadmin	2.5.7	2.5.7.x
phpmyadmin / phpmyadmin	2.5.6_rc1	2.5.6_rc1.x
phpmyadmin / phpmyadmin	2.6.0_pl1	2.6.0_pl1.x
phpmyadmin / phpmyadmin	2.5.2	2.5.2.x
phpmyadmin / phpmyadmin	2.5.1	2.5.1.x
phpmyadmin / phpmyadmin	2.6.0_pl2	2.6.0_pl2.x
phpmyadmin / phpmyadmin	2.5.4	2.5.4.x
phpmyadmin / phpmyadmin	2.5.5_rc2	2.5.5_rc2.x
phpmyadmin / phpmyadmin	2.5.5_pl1	2.5.5_pl1.x
gentoo / linux	1.4-rc1	1.4-rc1.x
gentoo / linux	1.4-rc3	1.4-rc3.x
gentoo / linux	1.4	1.4.x
gentoo / linux	1.4-rc2	1.4-rc2.x

Vulnerability Database

289,599

CVE-2004-1055