FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- Multiple XSS

Affected packages
3.4 < phpMyAdmin < 3.4.9.r1

Details

VuXML ID 8c83145d-2c95-11e1-89b4-001ec9578670
Discovery 2011-12-16
Entry 2011-12-22

The phpMyAdmin development team reports:

Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections.

[source]

Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory.

[source]

References

CVE Name CVE-2011-4780
CVE Name CVE-2011-4782
URL http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.