CVE-2011-3598

Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.

Published: Oct 8, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-3598
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
phppgadmin / phppgadmin	3.4	3.4.x
phppgadmin / phppgadmin	3.5.3	3.5.3.x
phppgadmin / phppgadmin	2.2	2.2.x
phppgadmin / phppgadmin	4.2.1	4.2.1.x
phppgadmin / phppgadmin	3.1	3.1.x
phppgadmin / phppgadmin	5.0.1	5.0.1.x
phppgadmin / phppgadmin	3.4.1	3.4.1.x
phppgadmin / phppgadmin	3.3	3.3.x
phppgadmin / phppgadmin	4.1.1	4.1.1.x
phppgadmin / phppgadmin	-	5.0.2.x
phppgadmin / phppgadmin	2.2.1	2.2.1.x
phppgadmin / phppgadmin	4.2.3	4.2.3.x
phppgadmin / phppgadmin	3.5	3.5.x
phppgadmin / phppgadmin	4.2.2	4.2.2.x
phppgadmin / phppgadmin	3.5.2	3.5.2.x
phppgadmin / phppgadmin	3.2	3.2.x
phppgadmin / phppgadmin	5.0.0	5.0.0.x

Vulnerability Database

CVE-2011-3598