phpMyAdmin cross-site scripting vulnerability


phpMyAdmin provided by The phpMyAdmin Project contains a cross-site scripting vulnerability.

phpMyAdmin provided by The phpMyAdmin Project is software to handle the administration of MySQL over the web browser. phpMyAdmin contains a cross-site scripting vulnerability.

Masako Oono of NetAgent Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

The phpMyAdmin Project
  • phpMyAdmin and earlier


An arbitrary script may be executed on the user's web browser.
According to the developer, Microsoft Internet Explorer is only affected by this vulnerability and it is confirmed that Mozilla Firefox, Google Chrome, Konqueror, and Apple Safari are not affected by this issue.
For more information, refer to the developer's website.

[Update the Software]
Apply the latest update provided by the developer.
Vendor Information

The phpMyAdmin Project
CWE (What is CWE?)

  1. Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2008-4326

  1. JVN : JVN#54824688
  2. National Vulnerability Database (NVD) : CVE-2008-4326
  3. VUPEN Security : VUPEN/ADV-2008-2657
  4. JVN iPedia (Japanese) : JVNDB-2008-000061
Revision History

  • [2008/09/26]
      Web page published