FreeBSD : phpMyAdmin -- XSS due to unescaped HTML output in Create View page (6b97436c-ce1e-11e2-9cb2-6805ca0b3d42)
Low Nessus Plugin ID 66814
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe phpMyAdmin development team reports :
When creating a view with a crafted name and an incorrect CREATE statement, it is possible to trigger an XSS.
This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required form.
SolutionUpdate the affected package.