Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ejnb-3ya3-uqa6
Vulnerability ID VCID-ejnb-3ya3-uqa6
Aliases CVE-2011-1940
GHSA-4q58-5x28-53wv
Summary phpMyAdmin Vulnerable to Cross-Site Scripting Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.
Status Published
Exploitability 0.5
Weighted Severity 2.7
Risk 1.4
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv4 1.3 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287
generic_textual LOW http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287
cvssv4 1.3 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492
generic_textual LOW http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492
cvssv4 1.3 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287
generic_textual LOW http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287
cvssv4 1.3 http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492
generic_textual LOW http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
epss 0.00285 https://api.first.org/data/v1/epss?cve=CVE-2011-1940
cvssv3.1_qr LOW https://github.com/advisories/GHSA-4q58-5x28-53wv
cvssv4 1.3 https://github.com/phpmyadmin/phpmyadmin
generic_textual LOW https://github.com/phpmyadmin/phpmyadmin
cvssv4 1.3 https://nvd.nist.gov/vuln/detail/CVE-2011-1940
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2011-1940
cvssv4 1.3 http://www.debian.org/security/2012/dsa-2391
generic_textual LOW http://www.debian.org/security/2012/dsa-2391
cvssv4 1.3 http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php
generic_textual LOW http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php
Reference id Reference type URL
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492
https://api.first.org/data/v1/epss?cve=CVE-2011-1940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1940
https://github.com/phpmyadmin/phpmyadmin
http://www.debian.org/security/2012/dsa-2391
http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php
CVE-2011-1940 https://nvd.nist.gov/vuln/detail/CVE-2011-1940
GHSA-4q58-5x28-53wv https://github.com/advisories/GHSA-4q58-5x28-53wv
No exploits are available.
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U Found at http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=7e10c132a3887c8ebfd7a8eee356b28375f1e287
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U Found at http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin%3Ba=commitdiff%3Bh=d3ccf798fdbd4f8a89d4088130637d8dee918492
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U Found at http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=7e10c132a3887c8ebfd7a8eee356b28375f1e287
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U Found at http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=d3ccf798fdbd4f8a89d4088130637d8dee918492
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U Found at https://github.com/phpmyadmin/phpmyadmin
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U Found at https://nvd.nist.gov/vuln/detail/CVE-2011-1940
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U Found at http://www.debian.org/security/2012/dsa-2391
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U Found at http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.51871
EPSS Score 0.00285
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:43.779519+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/phpmyadmin/phpmyadmin/CVE-2011-1940.yml 38.0.0