ID CVE-2011-2642
Type cve
Modified 2017-08-29T01:29:00


Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before and 3.4.x before allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name. Per:

'The attacker must trick the victim into clicking a link that reaches phpMyAdmin's table print view script; one of the link's parameters is a crafted table name (the name containing Javascript code).'

'Mitigation factor

The crafted table name must exist (the attacker must have access to create a table on the victim's server).'