Description
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.
Remediation
References
Related Vulnerabilities
Zenphoto Other Vulnerability (CVE-2007-0616)
Mailman Other Vulnerability (CVE-2006-0052)
Squid Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2021-28652)
Oracle Database Server CVE-2008-0346 Vulnerability (CVE-2008-0346)
Python URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-28861)