WEB APPLICATION VULNERABILITIES Standard & Premium

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5002)

Description

Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.

Remediation

References

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-0737)

MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-0001)

WordPress Plugin Theme Tuner 'tt-abspath' Parameter Remote File Include (0.7)

RubyGems Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1000075)

Oracle Database Server CVE-2012-3146 Vulnerability (CVE-2012-3146)

Severity

Low

Classification

CVE-2013-5002 CWE-707

Tags

Missing Update Known Vulnerabilities