Description
phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2022-21248 Vulnerability (CVE-2022-21248)
MySQL Cleartext Transmission of Sensitive Information Vulnerability (CVE-2017-3305)
WordPress Plugin ToolBar to Share Cross-Site Request Forgery (2.0)
PHP Numeric Errors Vulnerability (CVE-2016-10158)
RubyGems Improper Input Validation Vulnerability (CVE-2015-4020)