{"id":"CVE-2018-19970","details":"In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.","aliases":["GHSA-8987-93fh-rcwq"],"modified":"2026-04-16T01:39:16.327858505Z","published":"2018-12-11T17:29:00.320Z","related":["openSUSE-SU-2024:11171-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106181"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201904-16"},{"type":"FIX","url":"https://www.phpmyadmin.net/security/PMASA-2018-8/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/phpmyadmin/phpmyadmin","events":[{"introduced":"6da64cc3b2ba4439574f914f51e161645375be96"},{"fixed":"56ba19808f020fa8ac63366d450c3928564a91b8"}],"database_specific":{"cpe":"cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"4.0.0"},{"fixed":"4.8.4"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-19970.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}