Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-25315)
Oracle Application Server CVE-2009-3407 Vulnerability (CVE-2009-3407)
Oracle Database Server CVE-2010-2391 Vulnerability (CVE-2010-2391)
WordPress Plugin CMP-Coming Soon & Maintenance by NiteoThemes Security Bypass (3.8.1)
WordPress Plugin Revive Old Post-Auto Post to Social Media 'cat' Parameter SQL Injection (3.2.5)