CVE-2007-5589

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHPSELF in (a) serverstatus.php, and (b) grabglobals.lib.php, (c) displaychangepassword.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHPSELF and (2) PATHINFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUESTURI.

References

http://secunia.com/advisories/27246
http://secunia.com/advisories/27506
http://secunia.com/advisories/27595
http://secunia.com/advisories/29323
http://www.debian.org/security/2007/dsa-1403
http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:199
http://www.vupen.com/english/advisories/2007/3535
https://bugzilla.redhat.com/show_bug.cgi?id=333661
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
http://osvdb.org/37939
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6
http://www.securityfocus.com/bid/26301
https://exchange.xforce.ibmcloud.com/vulnerabilities/37292
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html

CVE-2007-5589

Affected packages