phpMyAdmin -- Multiple XSS

2011-12-16T00:00:00
ID 8C83145D-2C95-11E1-89B4-001EC9578670
Type freebsd
Reporter FreeBSD
Modified 2011-12-16T00:00:00

Description

The phpMyAdmin development team reports:

Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections.

Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory.