phpMyAdmin setup.php Verbose Server Name XSS (PMASA-2010-7)
Medium Nessus Plugin ID 49142
Synopsis
The remote web server contains a PHP application that has a cross-site scripting vulnerability.
Description
The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input to the 'verbose server name' field.
A remote attacker could exploit this by tricking a user into executing arbitrary script code.
Solution
Upgrade to phpMyAdmin 3.3.7 or later.