Summary
The host is running phpMyAdmin, which is prone to a cross-site scripting vulnerability.
Impact
Execution of arbitrary HTML and script code will allow attackers to steal cookie-based authentication credentials and to launch other attacks.
Impact Level: Application
Solution
Update to version 2.11.9.2
http://www.phpmyadmin.net/home_page/downloads.php
*****
NOTE: Ignore this warning if the above-mentioned update has already been applied.
*****
Insight
An error exists in the PMA_escapeJsString() function in the js_escape.lib.php file, which fails to sufficiently sanitize user-supplied data.
Affected
phpMyAdmin versions prior to 2.11.9.2 on all platforms
Severity
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N