Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0543

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-0543
Last Modified 05 Sep 2008 04:46:36
Published 24 Feb 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-0543

Summary

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.

Vulnerable Systems

Operating System

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

  • Suse Linux 9.2

Application

  • Phpmyadmin 2.6.0 Pl2

  • Phpmyadmin 2.6.0 Pl3

  • Phpmyadmin 2.6.1

  • Phpmyadmin 2.6.1 Rc1


References

XF - phpmyadmin-multiple-php-xss(19462)

BID - 12644

GENTOO - GLSA-200503-07

SECUNIA - 14382

BUGTRAQ - 20050224 [SECURITYREASON.COM] phpMyAdmin 2.6.1 Remote file inclusion and XSS cXIb8O3.4


Last Updated: 27 May 2016 10:39:50