CVSS2
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
EPSS Percentile: 68.9%
Announcement-ID: PMASA-2006-2
Date: 2006-05-12
XSS vulnerabilities
1. It was possible to conduct an XSS attack with a crafted lang or theme parameter.
2. The db parameter was also vulnerable to an XSS attack.
We consider these vulnerabilities to be serious.
[1] All 2.8.0.x releases before 2.8.0.4 are affected; previous versions are not.
[2] Some releases before 2.8.0.4 are affected (2.6.2 tested vulnerable).
Upgrade to phpMyAdmin 2.8.0.4.
We wish to thank Sven Vetsch/Disenchant for informing us in a responsible manner. His site is <http://www.disenchant.ch>.
Assigned CVE ids: CVE-2006-2031
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.