Lucene search
RootSSV:20901HistoryAug 26, 2011 - 12:00 a.m.
phpMyAdmin跟踪功能多个跨站脚本漏洞
2011-08-2600:00:00
Root
www.seebug.org
17
EPSS
0.003
Percentile
70.5%
Bugtraq ID: 49306
CVE ID:CVE-2011-3181
phpMyAdmin存在多个安全漏洞,允许恶意用户进行脚本注入攻击。
部分传递给table, column和index名的输入在跟踪功能中使用前缺少过滤,可被利用注入任意HTML和脚本代码,当恶意数据被查看时可以目标用户浏览器安全上下文执行恶意代码。
phpMyAdmin 3.x
厂商解决方案
phpMyAdmin 3.4.4和3.3.10.4已经修复此漏洞,建议用户下载使用:
http://www.phpmyadmin.net/
Related
fedora
fedora
[SECURITY] Fedora 16 Update: phpMyAdmin-3.4.4-1.fc16
2011-09-13 06:12:49
[SECURITY] Fedora 15 Update: phpMyAdmin-3.4.4-1.fc15
2011-09-13 05:55:00
[SECURITY] Fedora 14 Update: phpMyAdmin-3.4.4-1.fc14
2011-09-13 05:53:08
cvelist
cvelist
CVE-2011-3181
2011-08-29 17:00:00
openvas
openvas
Fedora Update for phpMyAdmin FEDORA-2011-11477
2012-04-02 00:00:00
Fedora Update for phpMyAdmin FEDORA-2011-11477
2012-04-02 00:00:00
FreeBSD Ports: phpMyAdmin
2011-09-21 00:00:00
ubuntucve
ubuntucve
CVE-2011-3181
2011-08-29 00:00:00
nessus
nessus
phpMyAdmin 3.3.x / 3.4.x < 3.3.10.4 / 3.4.4 XSS (PMASA-2011-13
2011-08-29 00:00:00
Fedora 14 : phpMyAdmin-3.4.4-1.fc14 (2011-11594)
2011-09-14 00:00:00
freebsd
freebsd
phpMyAdmin -- multiple XSS vulnerabilities
2011-08-24 00:00:00
cve
cve
CVE-2011-3181
2011-08-29 17:55:01
debiancve
debiancve
CVE-2011-3181
2011-08-29 17:55:01
phpmyadmin
phpmyadmin
Multiple XSS in the Tracking feature.
2011-08-24 00:00:00
prion
prion
Cross site scripting
2011-08-29 17:55:00
nvd
nvd
CVE-2011-3181
2011-08-29 17:55:01
debian
debian
[SECURITY] [DSA 2391-1] phpmyadmin security update
2012-01-22 13:00:02
osv
osv
phpmyadmin - several
2012-01-22 00:00:00