CVE-2012-5339

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of 1 an event, 2 a procedure, or 3 a trigger...

CVE-2012-5339

CVE-2012-5339 concerns phpMyAdmin 3.5.x before 3.5.3, with multiple XSS flaws that allow remote authenticated users to inject arbitrary script via crafted names of (1) an event, (2) a procedure, or (3) a trigger. The affected product/version is phpMyAdmin 3.5.x prior to 3.5.3; advisories indicate...

FreeBSD Ports: phpMyAdmin

The remote host is missing an update to the system as announced in the referenced advisory. VID ef417da3-1640-11e2-999b-e0cb4e266481 OpenVAS Vulnerability Test $ Description: Auto generated from VID ef417da3-1640-11e2-999b-e0cb4e266481 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

FreeBSD Ports: phpMyAdmin

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

phpMyAdmin 3.5.x HTML注入漏洞

Bugtraq ID:55925 CVE ID:CVE-2012-5339 phpMyAdmin是一款基于PHP的MySQL管理程序。 phpMyAdmin Trigger, Procedure和Event页面不正确转义HTML输出，使用特殊名创建/修改trigger, event或procedure时，可触发跨站脚本攻击，可获得敏感信息或劫持用户会话。 0 phpMyAdmin 3.5.x 厂商解决方案 phpMyAdmin 3.5.3已经修复此漏洞，建议用户下载使用： http://www.phpmyadmin.net/...

Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages.

PMASA-2012-6 Announcement-ID: PMASA-2012-6 Date: 2012-10-12 Summary Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages. Description When creating/modifying a trigger, event or procedure with a crafted name, it is possible to trigger an XSS. Severity We consider these...