Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.
Remediation
References
Related Vulnerabilities
MediaWiki Improper Input Validation Vulnerability (CVE-2010-1189)
WordPress Plugin Yakadanda Google+ Hangout Events Cross-Site Scripting (0.3.7)
WordPress Plugin Backup Scheduler Cross-Site Request Forgery (1.5.13)
PostgreSQL Incorrect Authorization Vulnerability (CVE-2021-20229)
PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-15081)