Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3592

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2011-3592
Last Modified 29 Dec 2014 05:48:01
Published 25 Dec 2014 09:59:06
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-3592

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation.

Vulnerable Systems

Application

  • Phpmyadmin 3.4.0.0

  • Phpmyadmin 3.4.1.0

  • Phpmyadmin 3.4.2.0

  • Phpmyadmin 3.4.3.0

  • Phpmyadmin 3.4.3.1

  • Phpmyadmin 3.4.3.2

  • Phpmyadmin 3.4.4.0


References

CONFIRM - https://github.com/phpmyadmin/phpmyadmin/commit/2f28ce9c800274190418da0945ce3647d36e1db6

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=738681

CONFIRM - http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php

MLIST - [oss-security] 20110930 Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14)


Last Updated: 27 May 2016 11:07:22