FreeBSD : phpMyAdmin -- Multiple XSS (ed536336-1c57-11e1-86f4-e0cb4e266481)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The phpMyAdmin development team reports :

Using crafted database names, it was possible to produce XSS in the
Database Synchronize and Database rename panels. Using an invalid and
crafted SQL query, it was possible to produce XSS when editing a query
on a table overview panel or when using the view creation dialog.
Using a crafted column type, it was possible to produce XSS in the
table search and create index dialogs.

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php
http://www.nessus.org/u?c6dfa9ce

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 56988

Bugtraq ID:

CVE ID: CVE-2011-4634
