|
|
CVE Reference: CVE-2007-1395 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-1395 |
|
|
Description: Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/32858 SREASON http://securityreason.com/securityalert/2402 SAID Secunia Advisory: SA26733 OSVDB 35048 MISC http://www.virtuax.be/advisories/Advisory2-24012007.txt MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:199 DEBIAN http://www.us.debian.org/security/2007/dsa-1370 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/462139/100/0/threaded |
|
| Return to the previous page. |
