Description
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.
Remediation
References
Related Vulnerabilities
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2015-1399)
WordPress Plugin Pay Per Media Player Multiple Cross-Site Scripting Vulnerabilities (1.24)
WordPress Plugin Poll, Survey, Form & Quiz Maker by OpinionStage Unspecified Vulnerability (15.0.0)
WordPress Plugin WP Review Slider SQL Injection (10.9)
WordPress Plugin YITH WooCommerce Ajax Search Unspecified Vulnerability (1.2.7)