CVE-2008-4326
phpmyadmin - cross site scripting
EPSS 0.43%
Description
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.
How to fix CVE-2008-4326
To remediate CVE-2008-4326, upgrade the affected package to a fixed version below.
- Debian/phpmyadmin—upgrade to 4:2.11.8.1-3 or later
- Debian/phpmyadmin—upgrade to 4:2.9.1.1-9 or later
Is CVE-2008-4326 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4:2.11.8.1-3
- from 0, < 4:2.9.1.1-9