Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.

Remediation

References

CVE-2011-4634

Related Vulnerabilities

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5647)

PHP Improper Input Validation Vulnerability (CVE-2012-0788)

Oracle Application Server CVE-2006-3714 Vulnerability (CVE-2006-3714)

concrete5 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-5107)

WordPress Plugin iThemes Exchange:Simple WP Ecommerce Remote Code Execution (1.14.0)

Severity

Medium

Classification

CVE-2011-4634 CWE-707

Tags

Missing Update Known Vulnerabilities