Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.

Remediation

References

CVE-2006-2417

Related Vulnerabilities

Drupal Core 8.7.4 Security Bypass (8.7.4)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2206)

WordPress Plugin Keyring Cross-Site Scripting (1.5)

WordPress Plugin MiniCart SQL Injection (1.00.1)

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)

Severity

Medium

Classification

CVE-2006-2417 CWE-707

Tags

Missing Update Known Vulnerabilities