Vigil@nce - phpMyAdmin: Cross Site Scripting
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use some parameters of setup.php script in order
to inject JavaScript code in phpMyAdmin.
Severity: 2/4
Creation date: 09/09/2010
DESCRIPTION OF THE VULNERABILITY
The phpMyAdmin program is used to administer a MySQL database.
The setup.php script configures the environment. This script does
not filter some parameters its receives.
This vulnerability therefore allows an attacker to conduct a Cross
Site Scripting attack.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/phpMyAdmin-Cross-Site-Scripting-9911