CVE-2007-2245

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browseforeigners.php or (2) certain input to the PMAsanitize function.

References

http://secunia.com/advisories/24952
http://secunia.com/advisories/26733
http://www.mandriva.com/security/advisories?name=MDKSA-2007:199
http://www.vupen.com/english/advisories/2007/1508
http://osvdb.org/35050
http://www.phpmyadmin.net/ChangeLog.txt
http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
http://www.us.debian.org/security/2007/dsa-1370
https://exchange.xforce.ibmcloud.com/vulnerabilities/33898

CVE-2007-2245

Affected packages