This script is Copyright (C) 2011 Tenable Network Security, Inc.
The remote web server contains a PHP application that is affected by
multiple cross-site scripting vulnerabilities.
The version of phpMyAdmin on the remote host is 3.4.x prior to 3.4.5.
This version is affected by multiple cross-site scripting
- The data used in the row content display after inline
editing is not properly sanitized before it is passed
back to the browser.
- The data passed in as table, column, and index names
is not properly sanitized before it is passed back to
A remote attacker may use these issues to cause arbitrary code to be
executed in a user's browser, to steal authentication cookies and/or
to launch other types of attacks.
See also :
Apply the vendor patches or upgrade to phpMyAdmin version 3.4.5 or
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 56379 ()
Bugtraq ID: 49648