FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- Multiple XSS

Affected packages
3.4 < phpMyAdmin < 3.4.8.r1

Details

VuXML ID ed536336-1c57-11e1-86f4-e0cb4e266481
Discovery 2011-11-24
Entry 2011-12-01

The phpMyAdmin development team reports:

Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs.

[source]

References

CVE Name CVE-2011-4634
URL http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.