FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- cross-site scripting vulnerability

Affected packages
phpMyAdmin < 2.11.1.2

Details

VuXML ID 498a8731-7cfc-11dc-96e6-0012f06707f0
Discovery 2007-10-17
Entry 2007-10-17
Modified 2010-05-12

The DigiTrust Group discovered a serious XSS vulnerability in the phpMyAdmin server_status.php script. According to their report:

vulnerability can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

References

CVE Name CVE-2007-5589
URL http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html
URL http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6