CVE-2011-3592

Multiple cross-site scripting XSS vulnerabilities in the PMAunInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a 1 database name, 2 table name, or 3 column name that is not properly handled after an...

Fedora 14 : phpMyAdmin-3.4.5-1.fc14 (2011-12918)

Changes for 3.4.5.0 2011-09-14 : - interface Page list in navigation frame looks odd - interface Error div misplaced - interface Comment on a column breaks inline editing - display Order by a column in a view doesn't work in some cases - interface Add missing space to server status - core Remove...

phpMyAdmin -- multiple XSS vulnerabilities

phpMyAdmin development team reports: Firstly, if a row contains javascript code, after inline editing this row and saving, the code is executed. Secondly, missing sanitization on the db, table and column names leads to XSS vulnerabilities. Versions 3.4.0 to 3.4.4 were found vulnerable...