Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.

Remediation

References

CVE-2011-4634

Related Vulnerabilities

Microsoft SQL Server CVE-2024-0056 Vulnerability (CVE-2024-0056)

WordPress Plugin Google Authenticator-Per User Prompt Timing Attack (0.6)

OpenSSL CVE-2021-4160 Vulnerability (CVE-2021-4160)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3319)

WordPress Plugin Download Manager Cross-Site Scripting (3.2.42)

Severity

Medium

Classification

CVE-2011-4634 CWE-707

Tags

Missing Update Known Vulnerabilities