This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote web server contains a PHP application that is affected by
multiple cross-site scripting vulnerabilities.
The remote host contains a version of phpMyAdmin - 3.3.x less than
220.127.116.11 or 3.4.x less than 3.4.4 - that is affected by multiple
cross-site scripting vulnerabilities.
The data in the 'table', 'column', and 'index' variables of the script
'tbl_tracking.php' are not properly sanitized before being sent to the
These errors can allow an unauthenticated user to trick an
authenticated user into requesting a URL thereby injecting arbitrary
HTML or script code into the authenticated user's browser.
These errors can also allow an attacker who has access to the database
to create persistent strings of cross-site scripting code that will
inject arbitrary HTML or script code into an authenticated user's
browser at a later time.
See also :
Upgrade to phpMyAdmin version 18.104.22.168 / 3.4.4 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true