Description
phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by modifying this code.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2012-3216 Vulnerability (CVE-2012-3216)
WordPress Plugin WP PRO Advertising System-All In One Ad Manager SQL Injection (4.6.18)
Serendipity Other Vulnerability (CVE-2004-2525)
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (3.5.2)
Atlassian Jira Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-39127)