Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-3742)

Description

Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.

Remediation

References

Related Vulnerabilities

WordPress Plugin Automated Content for Real Estate Multiple Unspecified Vulnerabilities (5.4.2)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8896)

WordPress Plugin SoundCloud Is Gold Cross-Site Scripting (2.3.1)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5651)

WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)

Severity

Low

Classification

CVE-2013-3742 CWE-707

Tags

Missing Update Known Vulnerabilities