FreeBSD : phpMyAdmin -- Multiple XSS (8c83145d-2c95-11e1-89b4-001ec9578670)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The phpMyAdmin development team reports :

Using crafted URL parameters, it was possible to produce XSS on the
export panels in the server, database and table sections.

Crafted values entered in the setup interface can produce XSS; also,
if the config directory exists and is writeable, the XSS payload can
be saved to this directory.

See also :

http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php
http://www.nessus.org/u?42ad6d18

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 57390

Bugtraq ID:

CVE ID: CVE-2011-4780
CVE-2011-4782
