CVE-2011-2642

2011-08-01T19:55:00
ID CVE-2011-2642
Type cve
Reporter cve@mitre.org
Modified 2017-08-29T01:29:00

Description

Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name. Per: http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php

'The attacker must trick the victim into clicking a link that reaches phpMyAdmin's table print view script; one of the link's parameters is a crafted table name (the name containing Javascript code).'

'Mitigation factor

The crafted table name must exist (the attacker must have access to create a table on the victim's server).'