phpMyAdmin 4.0.x < 184.108.40.206 / 4.1.x < 220.127.116.11 / 4.2.x < 18.104.22.168 Multiple XSS (PMASA-2014-12)
Medium Nessus Network Monitor Plugin ID 8564
Synopsis: The remote web server contains a PHP application that is affected by multiple cross-site scripting vulnerabilities.
Description: Versions of phpMyAdmin earlier than 22.214.171.124, 126.96.36.199, and 188.8.131.52 are affected by unpatched cross-site scripting vulnerabilities in the SQL debug output and the server monitor page. These vulnerabilities can be leveraged to steal cookie-based authentication credentials, among other potential attacks, though note that they can only be leveraged by a logged-in user.
Solution: Either upgrade to phpMyAdmin 184.108.40.206, 220.127.116.11, 18.104.22.168 or later, or apply the patches from the referenced links.