Vigil@nce: phpMyAdmin, two Cross Site Scripting
September 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use two Cross Site Scripting of phpMyAdmin, in
order to execute JavaScript code in the context of the web site.
– Severity: 2/4
– Creation date: 15/09/2011
IMPACTED PRODUCTS
– Fedora
– TYPO3
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The phpMyAdmin program is used to administer a MySQL database. It
is impacted by two vulnerabilities.
An attacker can create a Cross Site Scripting in the confirmation
dialog window for DROP, DELETE and ALTER operations. [severity:2/4]
An attacker can create a Cross Site Scripting in the
PMA_unInlineEditRow() function, which processes the inline
edition. [severity:2/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/phpMyAdmin-two-Cross-Site-Scripting-10997