phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2006-2417)

Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.

Remediation

References

CVE-2006-2417

Related Vulnerabilities

WebLogic CVE-2023-21841 Vulnerability (CVE-2023-21841)

WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Remote Code Execution (1.5.89)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-7060)

WordPress Plugin CMS Commander Client PHP Object Injection (2.21)

Atlassian Jira Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-20408)

Severity

Medium

Classification

CVE-2006-2417 CWE-707