Description

Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.

Remediation

References

CVE-2012-4345

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-25763)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-7525)

EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5966)

Apache Tomcat Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-12617)

WordPress Plugin VIDEO GALLERY 'upload1.php' Arbitrary File Upload (1.3)

Severity

Low

Classification

CVE-2012-4345 CWE-707

Tags

Missing Update Known Vulnerabilities