CVE-2007-5589
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2007-5589
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2007-5589.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2007-5589
- Downstream
- Published
- 2007-10-19T23:17:00Z
- Modified
- 2025-08-09T20:01:26Z
- Summary
- [none]
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHPSELF in (a) serverstatus.php, and (b) grabglobals.lib.php, (c) displaychangepassword.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHPSELF and (2) PATHINFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUESTURI.
- References
-
- http://secunia.com/advisories/27246
- http://secunia.com/advisories/27506
- http://secunia.com/advisories/27595
- http://secunia.com/advisories/29323
- http://www.debian.org/security/2007/dsa-1403
- http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:199
- http://www.vupen.com/english/advisories/2007/3535
- https://bugzilla.redhat.com/show_bug.cgi?id=333661
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
- http://osvdb.org/37939
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_1/phpMyAdmin/ChangeLog?r1=10796&r2=10795&pathrev=10796
- http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6
- http://www.securityfocus.com/bid/26301
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37292
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00040.html