VulnerableCode Package Details - pkg:deb/debian/phpmyadmin@4:5.2.1%2Bdfsg-1%2Bdeb12u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-zd8d-c1nk-g7a4 Aliases: CVE-2025-3573 GHSA-rrj2-ph5q-jxw2	jquery-validation vulnerable to Cross-site Scripting Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.	4:5.2.2-really+dfsg-1+deb13u1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-zd8d-c1nk-g7a4
Aliases:
CVE-2025-3573
GHSA-rrj2-ph5q-jxw2

jquery-validation vulnerable to Cross-site Scripting Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

4:5.2.2-really+dfsg-1+deb13u1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2wka-nyka-9fbz	An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.	CVE-2025-24529
VCID-araw-4wdy-hqcz	phpMyAdmin XSS when checking tables An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.	CVE-2025-24530 GHSA-222v-cx2c-q2f5
VCID-na3j-h3qr-k7dc	Improper Authentication An issue was discovered in phpMyAdm. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.	CVE-2022-23807 GHSA-8wf2-3ggj-78q9
VCID-ndjn-p6gb-u7g4	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.	CVE-2022-23808 GHSA-vcwc-6mr9-8m7c
VCID-rqy8-n6fr-hqey	Exposure of Sensitive Information to an Unauthorized Actor PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.	CVE-2022-0813 GHSA-vx8q-j7h9-vf6q
VCID-ym9b-4su6-6fbr	Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability.	CVE-2023-25727 GHSA-6hr3-44gx-g6wh

Vulnerability

Summary

Aliases

VCID-2wka-nyka-9fbz

An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab.

CVE-2025-24529

VCID-araw-4wdy-hqcz

phpMyAdmin XSS when checking tables An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS.

CVE-2025-24530
GHSA-222v-cx2c-q2f5

VCID-na3j-h3qr-k7dc

Improper Authentication An issue was discovered in phpMyAdm. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

CVE-2022-23807
GHSA-8wf2-3ggj-78q9

VCID-ndjn-p6gb-u7g4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

CVE-2022-23808
GHSA-vcwc-6mr9-8m7c

VCID-rqy8-n6fr-hqey

Exposure of Sensitive Information to an Unauthorized Actor PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.

CVE-2022-0813
GHSA-vx8q-j7h9-vf6q

VCID-ym9b-4su6-6fbr

Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive `$cfg['enable_drag_drop_import']`, users will be unable to use the drag and drop upload which would protect against the vulnerability.

CVE-2023-25727
GHSA-6hr3-44gx-g6wh

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:23:15.390913+00:00	Debian Importer	Affected by	VCID-zd8d-c1nk-g7a4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T13:02:24.545305+00:00	Debian Importer	Fixing	VCID-rqy8-n6fr-hqey	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:22:56.374000+00:00	Debian Importer	Fixing	VCID-na3j-h3qr-k7dc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:39:30.552267+00:00	Debian Importer	Fixing	VCID-ndjn-p6gb-u7g4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-15T21:42:59.167623+00:00	Debian Oval Importer	Fixing	VCID-araw-4wdy-hqcz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:36:29.914556+00:00	Debian Oval Importer	Fixing	VCID-ym9b-4su6-6fbr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:02:06.487737+00:00	Debian Oval Importer	Fixing	VCID-2wka-nyka-9fbz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-13T09:13:55.666262+00:00	Debian Importer	Affected by	VCID-zd8d-c1nk-g7a4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:57:48.122108+00:00	Debian Importer	Fixing	VCID-rqy8-n6fr-hqey	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T21:21:43.601761+00:00	Debian Oval Importer	Fixing	VCID-araw-4wdy-hqcz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:17:41.762373+00:00	Debian Oval Importer	Fixing	VCID-ym9b-4su6-6fbr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:15:53.308242+00:00	Debian Importer	Fixing	VCID-na3j-h3qr-k7dc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:49:15.182803+00:00	Debian Importer	Fixing	VCID-ndjn-p6gb-u7g4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:47:52.840993+00:00	Debian Oval Importer	Fixing	VCID-2wka-nyka-9fbz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T21:00:23.957566+00:00	Debian Oval Importer	Fixing	VCID-araw-4wdy-hqcz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:08:01.415590+00:00	Debian Importer	Affected by	VCID-zd8d-c1nk-g7a4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:58:35.854999+00:00	Debian Oval Importer	Fixing	VCID-ym9b-4su6-6fbr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T19:57:54.899206+00:00	Debian Importer	Fixing	VCID-rqy8-n6fr-hqey	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T17:35:05.178918+00:00	Debian Oval Importer	Fixing	VCID-2wka-nyka-9fbz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-04T18:02:50.908301+00:00	Debian Importer	Fixing	VCID-na3j-h3qr-k7dc	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-04T15:51:13.735054+00:00	Debian Importer	Fixing	VCID-ndjn-p6gb-u7g4	https://security-tracker.debian.org/tracker/data/json	38.1.0