FreeBSD : phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature (cc627e6c-3b89-11e4-b629-6805ca0b3d42)
Medium Nessus Plugin ID 77679
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The phpMyAdmin development team reports:
XSRF/CSRF due to DOM based XSS in the micro history feature.
By deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature.
Solution
Update the affected package.