Description

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.

Remediation

References

CVE-2018-19970

Related Vulnerabilities

MySQL CVE-2019-2537 Vulnerability (CVE-2019-2537)

MySQL CVE-2024-21162 Vulnerability (CVE-2024-21162)

WordPress Plugin PictoBrowser Cross-Site Request Forgery (0.3.1)

MySQL CVE-2017-10283 Vulnerability (CVE-2017-10283)

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-34466)

Severity

Medium

Classification

CVE-2018-19970 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities