FreeBSD : phpmyadmin -- XSS Vulnerability (85b0bbc8-a7a5-11dd-8283-001c2514716c)

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

SecurityFocus reports :

phpMyAdmin is prone to a cross-site scripting vulnerability because it
fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code
in the browser of an unsuspecting user in the context of the affected
site. This may allow the attacker to steal cookie-based authentication
credentials and to launch other attacks.

See also :

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-9
http://www.nessus.org/u?516656dd

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 2.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 34686 (freebsd_pkg_85b0bbc8a7a511dd8283001c2514716c.nasl)

Bugtraq ID: 31928

CVE ID: CVE-2008-4775
