{"id":"GHSA-rfpg-2fp8-2fph","summary":"phpMyAdmin multiple cross-site scripting vulnerabilities","details":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.","aliases":["CVE-2012-5339"],"modified":"2023-11-08T03:57:08.196793Z","published":"2022-05-17T05:16:32Z","database_specific":{"nvd_published_at":"2012-10-25T10:51:00Z","severity":"LOW","github_reviewed":true,"github_reviewed_at":"2023-08-29T21:40:33Z","cwe_ids":["CWE-79"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5339"},{"type":"WEB","url":"https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611"},{"type":"WEB","url":"https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186"},{"type":"WEB","url":"https://web.archive.org/web/20121020000514/http://www.securityfocus.com/bid/55925"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html"},{"type":"WEB","url":"http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php"}],"affected":[{"package":{"name":"phpmyadmin/phpmyadmin","ecosystem":"Packagist","purl":"pkg:composer/phpmyadmin/phpmyadmin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"3.5"},{"fixed":"3.5.3"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rfpg-2fp8-2fph/GHSA-rfpg-2fp8-2fph.json"}}],"schema_version":"1.7.3"}