FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-2960

This CVE name corresponds to:

Entered Topic
2008-06-28 phpmyadmin -- Cross Site Scripting Vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-2960 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-2960
Phase Assigned(20080702)

Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.

References

Source Reference
MLIST [oss-security] 20080716 Re: CVE request: phpmyadmin < 2.11.7.1
CONFIRM http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4
CONFIRM http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
MANDRIVA MDVSA-2008:131
SUSE SUSE-SR:2009:003
VUPEN ADV-2008-1904
SECUNIA 30813
SECUNIA 30816
SECUNIA 33822
XF phpmyadmin-libraryfiles-xss(43320)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.