Launchpad CVE tracker

CVE 2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

Related bugs and status

CVE-2023-25727 (Candidate) is related to these bugs:

Bug #2016018: XSS vulnerability in drag-and-drop upload (CVE-2023-25727, PMASA-2023-1)

		In	Importance	Status
2016018	XSS vulnerability in drag-and-drop upload (CVE-2023-25727, PMASA-2023-1)	phpmyadmin (Ubuntu)	Undecided	Fix Released
2016018	XSS vulnerability in drag-and-drop upload (CVE-2023-25727, PMASA-2023-1)	phpmyadmin (Debian)	Undecided	Fix Released
2016018	XSS vulnerability in drag-and-drop upload (CVE-2023-25727, PMASA-2023-1)	phpmyadmin (Ubuntu Jammy)	Undecided	Confirmed
2016018	XSS vulnerability in drag-and-drop upload (CVE-2023-25727, PMASA-2023-1)	phpmyadmin (Ubuntu Kinetic)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

MISC: https://www.phpmyadmin...

Launchpad.net

CVE 2023-25727

Related bugs and status

Related bugs

References