CVE-2007-1395 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-1395
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-1395

Description: Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/32858 SREASON http://securityreason.com/securityalert/2402 SAID Secunia Advisory: SA26733 OSVDB 35048 MISC http://www.virtuax.be/advisories/Advisory2-24012007.txt MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:199 DEBIAN http://www.us.debian.org/security/2007/dsa-1370 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/462139/100/0/threaded

Return to the previous page.