This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
The remote web server contains a PHP application that is affected by
multiple cross-site scripting vulnerabilities.
The remote host contains a version of phpMyAdmin - 3.3.x less than
220.127.116.11 or 3.4.x less than 3.4.4 - that is affected by multiple
cross-site scripting vulnerabilities.
The data in the 'table', 'column', and 'index' variables of the script
'tbl_tracking.php' are not properly sanitized before being sent to the
These errors can allow an unauthenticated user to trick an
authenticated user into requesting a URL thereby injecting arbitrary
HTML or script code into the authenticated user's browser.
These errors can also allow an attacker who has access to the database
to create persistent strings of cross-site scripting code that will
inject arbitrary HTML or script code into an authenticated user's
browser at a later time.
See also :
Upgrade to phpMyAdmin version 18.104.22.168 / 3.4.4 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 55993 ()
Bugtraq ID: 49306
CVE ID: CVE-2011-3181
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.