Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-8euz-dr4k-y3br
Vulnerability ID VCID-8euz-dr4k-y3br
Aliases CVE-2009-1150
Summary Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00749 https://api.first.org/data/v1/epss?cve=CVE-2009-1150
epss 0.00749 https://api.first.org/data/v1/epss?cve=CVE-2009-1150
epss 0.00749 https://api.first.org/data/v1/epss?cve=CVE-2009-1150
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1150.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1150
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1150
492066 https://bugzilla.redhat.com/show_bug.cgi?id=492066
GLSA-200906-03 https://security.gentoo.org/glsa/200906-03
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.73492
EPSS Score 0.00749
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:07:09.846281+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0