Description
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
Remediation
References
Related Vulnerabilities
WordPress Plugin LearnPress-WordPress LMS Multiple Cross-Site Scripting Vulnerabilities (4.1.3)
WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.22.8)
WordPress Plugin Bliss Gallery 'upload.php' Arbitrary File Upload (2.1)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4299)
WordPress Plugin Multi Step Form Multiple Cross-Site Scripting Vulnerabilities (1.2.5)