Description: Cedric Cochin has reported some vulnerabilities in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "zero_rows" and "sql_query" parameters in "read_dump.php" and the "PmaAbsoluteUri" parameter is not sufficiently sanitised before being returned to users. This can be exploited to execute arbitrary HTML or script code in a user's browser session in context of a vulnerable site.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
