CVE-2010-2958
EPSS 0.44%phpMyAdmin Cross-site Scripting vulnerability
Published: 5/17/2022Modified: 5/7/2026
Description
Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056.
Affected packages (2)
- Debian/phpmyadminfrom 0, < 4:3.3.6-1
- Packagist/phpmyadmin/phpmyadmin>= 3.0.0, < 3.3.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-2958
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-2958
- PATCHhttps://github.com/phpmyadmin/composer
- WEBhttp://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commit%3Bh=133a77fac7d31a38703db2099a90c1b49de62e37
- WEBhttp://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commit;h=133a77fac7d31a38703db2099a90c1b49de62e37
- WEBhttp://www.openwall.com/lists/oss-security/2010/09/01/2
- WEBhttp://www.openwall.com/lists/oss-security/2010/09/01/3
- WEBhttp://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php