
phpMyAdmin error.php BBcode Tag XSS (PMASA-2010-9)

Description

This version of phpMyAdmin does not validate BBcode tags in user input to the 'error' parameter of the 'error.php' script before using that input to generate dynamic HTML. An attacker may be able to leverage this issue to inject arbitrary HTML or script code into a user's browser, where it is executed within the security context of the affected site. For example, this could be used to cause a page with arbitrary text and a link to an external site to be displayed.
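
A detection sketch for the issue described above, added here as an example and not taken from phpMyAdmin or the advisory: it scans web access-log lines for requests to error.php whose 'error' parameter carries BBcode-like tags or a URL on another host. The log lines, the host name db.example.test, the function names and the generic tag pattern are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: any [tag], [/tag] or [tag@...] run is treated as BBcode-like markup.
BBCODE_TAG = re.compile(r"\[/?[a-z]+[^\]\s]*\]", re.IGNORECASE)
ABSOLUTE_URL = re.compile(r"(?:https?:)?//([a-z0-9.-]+)", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so double-encoded tags are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line, own_host):
    """Return sorted findings for one access-log line; [] means nothing flagged."""
    match = REQUEST.search(line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/error.php"):
        return []
    findings = set()
    for raw in parse_qs(target.query).get("error", []):
        value = fully_decode(raw)
        if BBCODE_TAG.search(value):
            findings.add("bbcode-tag")
        hosts = {h.lower() for h in ABSOLUTE_URL.findall(value)}
        if hosts - {own_host.lower()}:
            findings.add("external-url")
    return sorted(findings)

def scan(lines, own_host):
    """Return (line_number, findings) for every flagged line, numbering from 1."""
    hits = ((n, inspect_line(l, own_host)) for n, l in enumerate(lines, 1))
    return [(n, f) for n, f in hits if f]

# Constructed sample input (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2011:10:00:00 +0000] "GET /phpmyadmin/error.php?error=Cannot+connect+to+server HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2011:10:00:05 +0000] "GET /phpmyadmin/error.php?error=%5Bb%5DSession+expired%5B%2Fb%5D+see+http%3A%2F%2Fexample.invalid%2Flogin HTTP/1.1" 200 640',
    '192.0.2.12 - - [01/Jan/2011:10:00:09 +0000] "GET /phpmyadmin/error.php?error=%255Bb%255Dnotice%255B%252Fb%255D HTTP/1.1" 200 530',
    '192.0.2.13 - - [01/Jan/2011:10:00:12 +0000] "GET /phpmyadmin/index.php?error=%5Bb%5Dx%5B%2Fb%5D HTTP/1.1" 200 900',
]
```

Calling `scan(SAMPLE_LOG, "db.example.test")` flags the second and third lines; the fourth is ignored because it does not target error.php.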

