VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-wn4f-7vjc-b7gx

Vulnerability ID	VCID-wn4f-7vjc-b7gx
Aliases	CVE-2005-3301
Summary	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.
Status	Published
Exploitability	2.0
Weighted Severity	0.1
Risk	0.2
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
epss	0.11794	https://api.first.org/data/v1/epss?cve=CVE-2005-3301
epss	0.11794	https://api.first.org/data/v1/epss?cve=CVE-2005-3301
epss	0.11794	https://api.first.org/data/v1/epss?cve=CVE-2005-3301

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2005-3301
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3301
335513		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=335513
CVE-2005-3301;OSVDB-20261	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/26392.txt
CVE-2005-3301;OSVDB-20262	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/26393.txt
CVE-2005-3301;OSVDB-20262	Exploit	https://www.securityfocus.com/bid/15196/info
GLSA-200510-21		https://security.gentoo.org/glsa/200510-21

Data source	Exploit-DB
Date added	May 20, 2005
Description	phpMyAdmin 2.x - 'server_databases.php' Cross-Site Scripting
Ransomware campaign use	Known
Source publication date	May 20, 2005
Exploit type	webapps
Platform	php
Source update date	June 23, 2013
Source URL	https://www.securityfocus.com/bid/15196/info

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T17:07:07.281294+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0