FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- Multiple XSS

Affected packages
3.4 < phpMyAdmin < 3.4.9.r1


VuXML ID 8c83145d-2c95-11e1-89b4-001ec9578670
Discovery 2011-12-16
Entry 2011-12-22

The phpMyAdmin development team reports:

Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections.

Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory.


CVE Name CVE-2011-4780
CVE Name CVE-2011-4782