User: Password:
|
|
Subscribe / Log in / New account

phpmyadmin: cross-site scripting

Package(s):phpmyadmin CVE #(s):CVE-2012-5339 CVE-2012-5368
Created:November 20, 2012 Updated:November 21, 2012
Description: From the CVE entries:

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger. (CVE-2012-5339)

phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code. (CVE-2012-5368)

Alerts:
openSUSE openSUSE-SU-2012:1507-1 phpmyadmin 2012-11-20

(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds