Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2417

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-2417
Last Modified 13 Sep 2011 12:00:00
Published 16 May 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2417

Summary

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.

Vulnerable Systems

Application

  • Phpmyadmin 2.8.0.1

  • Phpmyadmin 2.8.0.2

  • Phpmyadmin 2.8.0.3


References

BID - 17973

CONFIRM - http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2

SECUNIA - 20113

XF - phpmyadmin-theme-parameter-xss(26444)

VUPEN - ADV-2006-1794

SECUNIA - 20627

SUSE - SUSE-SR:2006:013


Last Updated: 27 May 2016 10:42:28