Vulnerability Details CVE-2020-26934
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 86.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5/
- https://security.gentoo.org/glsa/202101-35
- https://www.phpmyadmin.net/security/PMASA-2020-5/
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
- https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5/
- https://security.gentoo.org/glsa/202101-35
- https://www.phpmyadmin.net/security/PMASA-2020-5/
Products affected by CVE-2020-26934
-
cpe:2.3:a:opensuse:backports_sle:15.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.9.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.9.0.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.9.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.9.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.9.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.9.5
-
cpe:2.3:a:phpmyadmin:phpmyadmin:5.0.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:5.0.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:5.0.2
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:fedoraproject:fedora:33
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:15.2