CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
87.5%
Announcement-ID: PMASA-2007-4
Date: 2007-04-24
Updated: 2007-05-17
XSS vulnerabilities
We received an advisory from Lukasz Plonka “sp3x” (SecurityReason) and we wish to thank him for his work. It was possible to trigger these attacks on various scripts due to shortcomings in the JavaScript code detection.
We consider these vulnerabilities to be serious.
Probably all versions to 2.10.0.2.
Upgrade to phpMyAdmin 2.10.1 or newer.
Assigned CVE ids: CVE-2007-2245
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.