phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| phpmyadmin/phpmyadmin(Packagist) | 3.5 | 3.5.3 | N/A |
CVSS Metrics
