FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- Multiple XSS

Affected packages
3.4 < phpMyAdmin < 3.4.9.r1

Details

VuXML ID 8c83145d-2c95-11e1-89b4-001ec9578670
Discovery 2011-12-16
Entry 2011-12-22

The phpMyAdmin development team reports:

Using crafted URL parameters, it was possible to produce XSS on the export panels in the server, database and table sections.

Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory.

References

CVE Name CVE-2011-4780
CVE Name CVE-2011-4782
URL http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php