phpMyAdmin 4.1.x < 126.96.36.199, 4.2.x < 4.2.4 Multiple XSS
Medium Nessus Network Monitor Plugin ID 8316
Synopsis
The remote web server contains a PHP application that is affected by multiple cross-site scripting vulnerabilities.
Description
Versions of phpMyAdmin earlier than 188.8.131.52 or 4.2.4 are affected by multiple cross-site scripting vulnerabilities, due to insufficient sanitization of user input in the following areas:
- Input related to Recent/Favorite table navigation.
- Input of crafted table names, when hiding or unhiding a table in navigation.
Solution
Either upgrade to phpMyAdmin 4.2.4 or later, or apply the vendor's patch.