This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote web server hosts a PHP application that is affected by
multiple cross-site scripting vulnerabilities.

According to its self-identified version number, the phpMyAdmin
install hosted on the remote web server is affected by multiple
cross-site scripting vulnerabilities. A crafted table name
triggers the issue on the following pages / under the following
conditions :
- The Database Structure page by creating a table with a
crafted name or using the Empty and Drop links of the
crafted table name.
- The Table Operations page of a crafted table by using
the 'Empty the table (TRUNCATE)' and 'Delete the table
- The Triggers page of a database containing tables with
a crafted name when opening the 'Add Trigger' popup.
- When creating a trigger for a table with a crafted name
with an invalid definition.
- When visualizing GIS data, having a crafted label name.
Note - versions 3.4.x are only affected by the issues on the
Database Structure page, while versions 3.5.x are affected by all
the issues listed.
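Added example (not part of the original advisory and not phpMyAdmin code): every issue listed above starts from a crafted table name reaching HTML or JavaScript output, so this Python code flags table names that contain markup-significant characters and contrasts raw rendering of a Drop link with one encoder per output context. The `drop.php` URL, the parameter names, the function names and the sample table names are constructed assumptions.

```python
import html
import json
from urllib.parse import urlencode

# Characters that change meaning in HTML text, HTML attributes or JS strings.
RISKY = set("<>&\"'`\\")

def audit_table_names(names):
    """Map each table name needing review to the risky characters it contains."""
    findings = {}
    for name in names:
        hits = sorted(set(name) & RISKY)
        if hits:
            findings[name] = hits
    return findings

def render_drop_link_unsafe(db, table):
    """Hypothetical pattern behind this class of bug: the name is pasted in raw."""
    return ('<a href="drop.php?db=%s&table=%s" '
            'onclick="return confirm(\'Drop table %s?\')">%s</a>'
            % (db, table, table, table))

def render_drop_link(db, table):
    """Same hypothetical link with one encoder per output context."""
    query = urlencode({"db": db, "table": table})       # URL query context
    message = json.dumps("Drop table %s?" % table)      # JS string literal
    return ('<a href="drop.php?%s" onclick="return confirm(%s)">%s</a>'
            % (html.escape(query),      # URL placed in an HTML attribute
               html.escape(message),    # JS placed in an HTML attribute
               html.escape(table)))     # HTML text node

# Constructed sample data: names as they might come from information_schema.tables.
SAMPLE_TABLES = ["customers", "orders", "inv<b>\"2012'"]

if __name__ == "__main__":
    for name, chars in audit_table_names(SAMPLE_TABLES).items():
        print("review:", repr(name), "contains", chars)
    print(render_drop_link_unsafe("shop", SAMPLE_TABLES[2]))
    print(render_drop_link("shop", SAMPLE_TABLES[2]))
```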
See also :
Either upgrade to phpMyAdmin 126.96.36.199 / 188.8.131.52 or later, or apply
the patch from the referenced link.
Risk factor :
Low / CVSS Base Score : 3.5
CVSS Temporal Score : 2.9
Public Exploit Available : true