{"id":"CVE-2010-4480","details":"error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing \"@\" characters, as demonstrated using \"[a@url@page]\".","modified":"2026-04-10T03:41:30.229194Z","published":"2010-12-08T16:00:02Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/42485"},{"type":"ADVISORY","url":"http://secunia.com/advisories/42725"},{"type":"ADVISORY","url":"http://www.debian.org/security/2010/dsa-2139"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:000"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2010/3133"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2011/0001"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2011/0027"},{"type":"EVIDENCE","url":"http://www.exploit-db.com/exploits/15699"},{"type":"WEB","url":"http://www.phpmyadmin.net/home_page/security/PMASA-2010-9.php"},{"type":"WEB","url":"http://www.securityfocus.com/bid/45633"}],"schema_version":"1.7.5"}