CVE-2005-3787

Properties

Published:
22.11.2005
Updated:
29.11.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)
    Product:
    phpmyadmin: phpmyadmin
    phpmyadmin: phpmyadmin
    phpmyadmin: phpmyadmin
    phpmyadmin: phpmyadmin
    phpmyadmin: phpmyadmin
    phpmyadmin: phpmyadmin
    phpmyadmin: phpmyadmin
    phpmyadmin: phpmyadmin
    phpmyadmin: phpmyadmin
    phpmyadmin: phpmyadmin
    phpmyadmin: phpmyadmin
    phpmyadmin: phpmyadmin
    phpmyadmin: phpmyadmin

    Vulnerability description

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.

    References:

    http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-7: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-7
    SUSE: http://www.securityfocus.com/archive/1/archive/1/423142/100/0/threaded
    SECUNIA: http://secunia.com/advisories/18618
    SECUNIA: http://secunia.com/advisories/17578