CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
Percentile
78.4%
Announcement-ID: PMASA-2007-7
Date: 2007-11-11
XSS vulnerabilities
We received an advisory from Omer Singer, The DigiTrust Group, and we wish to thank him for his work. It was possible to create a malicious database name that contains XSS code.
Our team fixed another XSS vulnerability regarding database names.
We consider these vulnerabilities to be serious.
Probably all versions before 2.11.2.1.
Upgrade to phpMyAdmin 2.11.2.1 or newer.
For the first issue: <http://www.digitrustgroup.com/advisories/tdg-advisory071108a.html>
Assigned CVE ids: CVE-2007-5977
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.