phpMyAdmin 4.1.x < 4.1.14.1, 4.2.x < 4.2.4 Multiple XSS

Medium

Synopsis

The remote web server contains a PHP application that is affected by multiple cross-site scripting vulnerabilities.

Description

Versions of phpMyAdmin earlier than 4.1.14.1 or 4.2.4 are affected by multiple cross-site scripting vulnerabilities, due to insufficient user input sanitization in the following areas:

- Input related to Recent/Favorite table navigation.
- Input of crafted table names, when hiding or unhiding a table in navigation.

Solution

Either upgrade to phpMyAdmin 4.2.4 or later, or apply the vendor's patch.
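
To find which installations still need the upgrade, the version ranges in the title can be checked against an inventory. The following is an added example, not part of the advisory or of phpMyAdmin; the host names are constructed, and treating a pre-release build of a fixed version as affected is a conservative assumption made here.

```python
import re

# Fixed release per branch, taken from the advisory title
# (4.1.x < 4.1.14.1, 4.2.x < 4.2.4).
FIXED = {(4, 1): (4, 1, 14, 1), (4, 2): (4, 2, 4)}


def parse_version(text):
    """Return (numeric tuple, trailing suffix) or None if no version is found."""
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})(.*)", text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2).strip()


def pad(v, n=4):
    """Pad to n components so 4.1.14 compares below 4.1.14.1."""
    return v + (0,) * (n - len(v))


def classify(text):
    """Classify a reported phpMyAdmin version against this advisory."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    version, suffix = parsed
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-covered"  # branch is outside the ranges named in the title
    if pad(version) < pad(fixed):
        return "affected"
    # Assumption: an rc/beta/alpha/dev build of the fixed release may predate the fix.
    is_pre = re.match(r"[-_.]?(alpha|beta|rc|dev)", suffix, re.I)
    if is_pre and pad(version) == pad(fixed):
        return "affected"
    return "fixed"


def audit(inventory):
    """Map each host to its classification; inventory is {host: version string}."""
    return {host: classify(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory.
    sample = {"db-admin-01": "4.1.14", "db-admin-02": "4.2.10", "db-admin-03": "4.2.3"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Components are compared numerically, so 4.2.10 is correctly ranked above 4.2.4, which a plain string comparison would get wrong.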