Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-8amg-r4d1-kubh

Summary

phpMyAdmin Vulnerable to Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.

Aliases

alias	CVE-2011-1940

alias	GHSA-4q58-5x28-53wv

Fixed_packages

url	pkg:deb/debian/phpmyadmin@4:3.4.1-1?distro=trixie
purl	pkg:deb/debian/phpmyadmin@4:3.4.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:3.4.1-1%3Fdistro=trixie

url pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/phpmyadmin@4:5.0.4%2Bdfsg2-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-47ju-f89a-eud8

vulnerability	VCID-d3qn-js1p-7yeq

vulnerability	VCID-dmqy-9xth-cuhs

vulnerability	VCID-gx8h-5h14-dqez

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.0.4%252Bdfsg2-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gx8h-5h14-dqez

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.1%252Bdfsg-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/phpmyadmin@4:5.2.2-really%2Bdfsg-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/phpmyadmin@4:5.2.2-really%2Bdfsg-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.2-really%252Bdfsg-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/phpmyadmin@4:5.2.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/phpmyadmin@4:5.2.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpmyadmin@4:5.2.3%252Bdfsg-1%3Fdistro=trixie

Affected_packages

url pkg:composer/phpmyadmin/phpmyadmin@3.3.0

purl pkg:composer/phpmyadmin/phpmyadmin@3.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8amg-r4d1-kubh

vulnerability	VCID-92xz-8fkp-ekh3

vulnerability	VCID-eqw3-es5t-5qan

vulnerability	VCID-zb95-sn9m-r3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.3.0

url pkg:composer/phpmyadmin/phpmyadmin@3.4.0

purl pkg:composer/phpmyadmin/phpmyadmin@3.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-67va-epqd-vydp

vulnerability	VCID-6r4m-kxj7-ybb6

vulnerability	VCID-8amg-r4d1-kubh

vulnerability	VCID-92xz-8fkp-ekh3

vulnerability	VCID-94pm-84ku-w3cw

vulnerability	VCID-kxq1-41am-gqdc

vulnerability	VCID-mctt-kqsq-97gt

vulnerability	VCID-ntmf-36f1-e3fg

vulnerability	VCID-qnf5-aays-qkf1

vulnerability	VCID-rht1-ecwp-aqe7

vulnerability	VCID-uyyu-r5e4-mqfg

vulnerability	VCID-zb95-sn9m-r3bu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/phpmyadmin/phpmyadmin@3.4.0

References

reference_url

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287

reference_url

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492

reference_url

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287

reference_url

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-1940

reference_id

reference_type

scores

value	0.00285
scoring_system	epss
scoring_elements	0.52251
published_at	2026-06-05T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52191
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-1940

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1940
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1940

reference_url

https://github.com/phpmyadmin/phpmyadmin

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/phpmyadmin/phpmyadmin

reference_url

http://www.debian.org/security/2012/dsa-2391

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2012/dsa-2391

reference_url

http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-1940

reference_id

CVE-2011-1940

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-1940

reference_url	https://github.com/advisories/GHSA-4q58-5x28-53wv
reference_id	GHSA-4q58-5x28-53wv
reference_type
scores
url	https://github.com/advisories/GHSA-4q58-5x28-53wv

Weaknesses

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 0.1 - 3

Exploitability 0.5

Weighted_severity 2.7

Risk_score 1.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8amg-r4d1-kubh

Vulnerability Instance