VulnerableCode Vulnerability Details - VCID-zp68-y2kq-47ez

Search for vulnerabilities

Vulnerability details: VCID-zp68-y2kq-47ez

Essentials
Severities (1)
References (5)
Severity details (0)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-zp68-y2kq-47ez
Aliases	CVE-2011-1940 GHSA-4q58-5x28-53wv
Summary	Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2011-1940

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2011-1940
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1940
		https://github.com/phpmyadmin/phpmyadmin
CVE-2011-1940		https://nvd.nist.gov/vuln/detail/CVE-2011-1940
GHSA-4q58-5x28-53wv		https://github.com/advisories/GHSA-4q58-5x28-53wv

No exploits are available.

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Percentile	0.51705
EPSS Score	0.00285
Published At	Dec. 19, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-12-19T17:41:28.830226+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	37.0.0