PhpMyAdmin Setup Script Request Cross Site Scripting Vulnerability Network Vulnerability

Summary

The host is running phpMyAdmin and is prone to Cross-Site Scripting Vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to phpMyAdmin version 3.3.7 or later, For updates refer to http://www.phpmyadmin.net/home_page/downloads.php

Insight

The flaw is caused by an unspecified input validation error when processing spoofed requests sent to setup script, which could be exploited by attackers to cause arbitrary scripting code to be executed on the user's browser session in the security context of an affected site.

Affected

phpMyAdmin versions 3.x before 3.3.7

References

http://secunia.com/advisories/41210
http://www.phpmyadmin.net/home_page/security/PMASA-2010-7.php
http://xforce.iss.net/xforce/xfdb/61675

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3263

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

3Com NBX VoIP NetSet Detection
Apache Open For Business HTML injection vulnerability
Apache Solr Directory Traversal Vulnerability Jan-14
AbanteCart Multiple Cross-Site Scripting Vulnerabilities
/cgi-bin directory browsable ?

phpMyAdmin Setup Script Request Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities