Vigil@nce - phpMyAdmin: two Cross Site Scripting
January 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use two Cross Site Scripting of phpMyAdmin, in
order to execute JavaScript code in the context of the web site.
Severity: 2/4
Creation date: 22/12/2011
IMPACTED PRODUCTS
– Fedora
– Mandriva Enterprise Server
– phpMyAdmin
DESCRIPTION OF THE VULNERABILITY
The phpMyAdmin program is used to administer a MySQL database. It
is impacted by two vulnerabilities.
An attacker can generate a Cross Site Scripting in the setup
interface via the host parameter. [severity:2/4; BID-51166,
CVE-2011-4782, PMASA-2011-19, TWSL2011-019]
An attacker can generate a Cross Site Scripting in the limit_to
and filename_template parameters of the export panel.
[severity:2/4; CVE-2011-4780, PMASA-2011-20]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/phpMyAdmin-two-Cross-Site-Scripting-11247