Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-kke6-fqmn-pug2

Summary

phpMyAdmin multiple cross-site scripting vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.

Aliases

alias	CVE-2012-5339

alias	GHSA-rfpg-2fp8-2fph

Fixed_packages

url	pkg:deb/debian/phpmyadmin@0?distro=trixie
purl	pkg:deb/debian/phpmyadmin@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@0%3Fdistro=trixie

url pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-na3j-h3qr-k7dc

vulnerability	VCID-ndjn-p6gb-u7g4

vulnerability	VCID-rqy8-n6fr-hqey

vulnerability	VCID-zd8d-c1nk-g7a4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zd8d-c1nk-g7a4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/phpmyadmin@4:5.2.2-really%2Bdfsg-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/phpmyadmin@4:5.2.2-really%2Bdfsg-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.2-really%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/phpmyadmin@4:5.2.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/phpmyadmin@4:5.2.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.3%252Bdfsg-1%3Fdistro=trixie

Affected_packages

url pkg:composer/phpmyadmin/phpmyadmin@3.5.0

purl pkg:composer/phpmyadmin/phpmyadmin@3.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1dhd-3ayw-6kg3

vulnerability	VCID-2n2q-cm1n-cqdr

vulnerability	VCID-46c2-r8g1-13ez

vulnerability	VCID-5288-gx4v-7bh4

vulnerability	VCID-dby9-xw23-huf5

vulnerability	VCID-kke6-fqmn-pug2

vulnerability	VCID-q2be-73wp-tbav

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.5.0

References

reference_url

http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-5339

reference_id

reference_type

scores

value	0.00208
scoring_system	epss
scoring_elements	0.43128
published_at	2026-04-21T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.4316
published_at	2026-04-08T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43173
published_at	2026-04-09T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43194
published_at	2026-04-11T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43161
published_at	2026-04-12T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43146
published_at	2026-04-13T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43205
published_at	2026-04-16T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43195
published_at	2026-04-18T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43083
published_at	2026-04-01T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43142
published_at	2026-04-02T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43169
published_at	2026-04-04T12:55:00Z

value	0.00208
scoring_system	epss
scoring_elements	0.43107
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-5339

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611

reference_url

https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-5339

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-5339

reference_url

https://web.archive.org/web/20121020000514/http://www.securityfocus.com/bid/55925

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20121020000514/http://www.securityfocus.com/bid/55925

reference_url

http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php

reference_url	http://www.securityfocus.com/bid/55925
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/55925

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.0.0:::::::*
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.1.0:::::::*
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.0:::::::*
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.1:::::::*
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.2:::::::*
reference_id	cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.2:::::::*

reference_url

https://github.com/advisories/GHSA-rfpg-2fp8-2fph

reference_id

GHSA-rfpg-2fp8-2fph

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rfpg-2fp8-2fph

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 0.1 - 3.5

Exploitability 0.5

Weighted_severity 3.1

Risk_score 1.6

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kke6-fqmn-pug2

Vulnerability Instance