FreeBSD : phpMyAdmin -- XSS vulnerabilities (fbb01289-2645-11e4-bc44-6805ca0b3d42)
Low Nessus Plugin ID 77235
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The phpMyAdmin development team reports:
Multiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages.
With a crafted database, table or a primary/unique key column name it is possible to trigger an XSS when dropping a row from the table. With a crafted column name it is possible to trigger an XSS in the ENUM editor dialog. With a crafted variable name or a crafted value for the unit field it is possible to trigger a self-XSS when adding a new chart in the monitor page. With a crafted value for the x-axis label it is possible to trigger a self-XSS in the query chart page. With a crafted relation name it is possible to trigger an XSS in the table relations page.
XSS in view operations page.
With a crafted view name it is possible to trigger an XSS when dropping the view in the view operation page.
Solution
Update the affected package.