Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4997)

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.

Remediation

References

Related Vulnerabilities

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7486)

WordPress Plugin WordPress Photo Gallery by Gallery Bank Unspecified Vulnerability (4.0.48)

Atlassian Jira CVE-2021-39123 Vulnerability (CVE-2021-39123)

WordPress Plugin User Activity Log Multiple Vulnerabilities (1.2.4)

Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-11993)

Severity

Medium

Classification

CVE-2013-4997 CWE-707

Tags

Missing Update Known Vulnerabilities