phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection creation to execute arbitrary JavaScript in users' browsers.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
References
History
Fri, 20 Feb 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection creation to execute arbitrary JavaScript in users' browsers. | |
| Title | phpMoAdmin 1.1.5 Stored Cross-Site Scripting via collection Parameter | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: VulnCheck
Published: 2026-02-20T22:57:02.824Z
Updated: 2026-02-20T22:57:02.824Z
Reserved: 2026-02-20T18:38:09.806Z
Link: CVE-2019-25454
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-02-20T23:16:02.077
Modified: 2026-02-20T23:16:02.077
Link: CVE-2019-25454
Redhat
No data.