FreeBSD : phpMyAdmin -- Multiple XSS (8c83145d-2c95-11e1-89b4-001ec9578670)

medium Nessus Plugin ID 57390

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The phpMyAdmin development team reports :

Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections.

Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory.

Solution

Update the affected package.

See Also

https://www.phpmyadmin.net/security/PMASA-2011-19/

https://www.phpmyadmin.net/security/PMASA-2011-20/

http://www.nessus.org/u?25314e10

Plugin Details

Severity: Medium

ID: 57390

File Name: freebsd_pkg_8c83145d2c9511e189b4001ec9578670.nasl

Version: 1.7

Type: local

Published: 12/23/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpmyadmin, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/22/2011

Vulnerability Publication Date: 12/16/2011

Reference Information

CVE: CVE-2011-4780, CVE-2011-4782