CVE-2021-29625
XSS in doc_linkAdminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).
We have discovered 8 live websites that are affected by CVE-2021-29625.
Affected Software
| Product |  Adminer |
| Category | Database Managers |
| Vulnerable Domains | 8 live websites (1.68% of Adminer install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 2 versions ( 5.56% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - May 20, 2021
- Updated - Aug 3, 2024
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2021-29625 United States | 2 websites |
 China | 2 websites |
 Germany | 1 websites |
 France | 1 websites |
 Iran | 1 websites |
 Poland | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2021-29625| .cn | 1 websites |
| .com | 1 websites |
| .de | 1 websites |
| .fr | 1 websites |
| .net | 1 websites |
| .org | 1 websites |
| .pl | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2021-29625
Top websites that are affected by CVE-2021-29625. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.********.net | United States | *,***,*** | |
| ******.**.********.com | United States | *,***,*** | |
| ****.*******.ir | Iran | **,***,*** | |
| ****.org | China | **,***,*** | |
| *****.****.de | Germany | **,***,*** | |
| ****.****.cn | China | **,***,*** | |
| ********.fr | France | **,***,*** | |
| *********.pl | Poland | ***,***,*** |
FAQ
CVE-2021-29625 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Adminer
A total of 8 websites have been identified as vulnerable to CVE-2021-29625, based on global website indexing conducted by WebTechSurvey.
The Adminer is affected by the CVE-2021-29625 vulnerability.
Adminer versions up to 4.8.1 are vulnerable to CVE-2021-29625.
CVE-2021-29625 is resolved in version 4.8.1 of Adminer.