Description
Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.
Remediation
References
Related Vulnerabilities
WordPress Plugin Widgets on Pages Cross-Site Scripting (1.6.0)
TYPO3 CVE-2013-7080 Vulnerability (CVE-2013-7080)
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8563)
IBM WebSEAL CVE-2018-1850 Vulnerability (CVE-2018-1850)
Oracle Database Server CVE-2011-0831 Vulnerability (CVE-2011-0831)