FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- XSS vulnerabilities

Affected packages
phpMyAdmin < 2.7.0

Details

VuXML ID 59ada6e5-676a-11da-99f6-00123ffe8333
Discovery 2005-12-05
Entry 2005-12-07

A phpMyAdmin security advisory reports:

It was possible to conduct an XSS attack via the HTTP_HOST variable; also, some scripts in the libraries directory that handle header generation were vulnerable to XSS.

References

CVE Name CVE-2005-3665
URL http://secunia.com/advisories/17895/
URL http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-8