Description

The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.

Remediation

References

CVE-2008-4326

Related Vulnerabilities

WebLogic CVE-2020-14645 Vulnerability (CVE-2020-14645)

WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-3558)

Drupal Core 4.6.x SQL Injection (4.6.0 - 4.6.6)

GlassFish CVE-2012-0104 Vulnerability (CVE-2012-0104)

Severity

Medium

Classification

CVE-2008-4326 CWE-707

Tags

Missing Update Known Vulnerabilities