{"id":"DEBIAN-CVE-2011-3591","details":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js.","modified":"2026-05-07T17:03:12.411339Z","published":"2014-12-26T02:59:05.143Z","upstream":["CVE-2011-3591"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2011-3591"}],"affected":[{"package":{"name":"phpmyadmin","ecosystem":"Debian:11","purl":"pkg:deb/debian/phpmyadmin?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:3.4.5-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3591.json"}},{"package":{"name":"phpmyadmin","ecosystem":"Debian:12","purl":"pkg:deb/debian/phpmyadmin?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:3.4.5-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3591.json"}},{"package":{"name":"phpmyadmin","ecosystem":"Debian:13","purl":"pkg:deb/debian/phpmyadmin?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:3.4.5-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-3591.json"}}],"schema_version":"1.7.5"}