Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.

Remediation

References

CVE-2011-4634

Related Vulnerabilities

MediaWiki Improper Input Validation Vulnerability (CVE-2010-1189)

WordPress Plugin Yakadanda Google+ Hangout Events Cross-Site Scripting (0.3.7)

WordPress Plugin Backup Scheduler Cross-Site Request Forgery (1.5.13)

PostgreSQL Incorrect Authorization Vulnerability (CVE-2021-20229)

PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-15081)

Severity

Medium

Classification

CVE-2011-4634 CWE-707

Tags

Missing Update Known Vulnerabilities