Web application abuses : phpMyAdmin Setup '$host' Variable Cross Site Scripting Vulnerability

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.902802

Category: Web application abuses

Title: phpMyAdmin Setup '$host' Variable Cross Site Scripting Vulnerability

Summary: Check if phpMyAdmin is vulnerable to Cross-Site Scripting

Description:
Overview: The host is running phpMyAdmin and is prone to cross site scripting
vulnerability.

Vulnerability Insight:
The flaw is due to improper validation of user-supplied input via
the '$host' variable within the setup, which allows attackers to execute
arbitrary HTML and script code in a user's browser session in the context
of an affected site.

Impact:
Successful exploitation will allow remote attackers to insert arbitrary HTML
and script code, which will be executed in a user's browser session in the
context of an affected site.

Impact Level: Application

Affected Software/OS:
phpMyAdmin versions 3.4.x before 3.4.9

Fix: Upgrade to phpMyAdmin version 3.4.9 or later,
For updates refer to http://www.phpmyadmin.net/home_page/downloads.php

References:
http://secunia.com/advisories/47338
http://packetstormsecurity.org/files/108110/TWSL2011-019.txt
http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-019.txt

Cross-Ref: BugTraq ID: 51166
Common Vulnerability Exposure (CVE) ID: CVE-2011-4780
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:198
BugTraq ID: 51226
http://www.securityfocus.com/bid/51226
Common Vulnerability Exposure (CVE) ID: CVE-2011-4782
XForce ISS Database: phpmyadmin-configfileclass-xss(71938)
http://xforce.iss.net/xforce/xfdb/71938

Copyright Copyright (C) 2011 SecPod

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.902802
Category:	Web application abuses
Title:	phpMyAdmin Setup '$host' Variable Cross Site Scripting Vulnerability
Summary:	Check if phpMyAdmin is vulnerable to Cross-Site Scripting
Description:	Overview: The host is running phpMyAdmin and is prone to cross site scripting vulnerability. Vulnerability Insight: The flaw is due to improper validation of user-supplied input via the '$host' variable within the setup, which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact: Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application Affected Software/OS: phpMyAdmin versions 3.4.x before 3.4.9 Fix: Upgrade to phpMyAdmin version 3.4.9 or later, For updates refer to http://www.phpmyadmin.net/home_page/downloads.php References: http://secunia.com/advisories/47338 http://packetstormsecurity.org/files/108110/TWSL2011-019.txt http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php https://www.trustwave.com/spiderlabs/advisories/TWSL2011-019.txt
Cross-Ref:	BugTraq ID: 51166 Common Vulnerability Exposure (CVE) ID: CVE-2011-4780 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071537.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071523.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:198 BugTraq ID: 51226 http://www.securityfocus.com/bid/51226 Common Vulnerability Exposure (CVE) ID: CVE-2011-4782 XForce ISS Database: phpmyadmin-configfileclass-xss(71938) http://xforce.iss.net/xforce/xfdb/71938
Copyright	Copyright (C) 2011 SecPod