Description
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Get URL Cron Multiple Vulnerabilities (1.4.7)
WordPress Plugin EWWW Image Optimizer Cloud Cross-Site Scripting (2.0.1)
Oracle Database Server CVE-2006-5334 Vulnerability (CVE-2006-5334)
Oracle JRE CVE-2013-2449 Vulnerability (CVE-2013-2449)
WordPress Plugin Debug Bar Multiple Unspecified Vulnerabilities (0.8.4)