CVE-2013-5002

EPSS 0.21%

phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value

Published: 5/17/2022Modified: 5/7/2026

Also known as:GHSA-p632-5w74-x8xxDEBIAN-CVE-2013-5002

Description

Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.

Affected packages (2)

Debian/phpmyadminfrom 0, < 4:4.0.4.2-1
Packagist/phpmyadmin/phpmyadmin>= 3.5, < 3.5.8.2

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-5002
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-5002
WEBhttp://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php