CVE-2009-3696

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/phpmyadmin/phpmyadmin

Identifiers

GHSA-5pvv-f8h3-gw96, CVE-2009-3696

Package Slug

packagist/phpmyadmin/phpmyadmin

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.

Affected Versions

All versions starting from 2.11.0 before 2.11.9.6, all versions starting from 3.0.0 before 3.2.2.1

Solution

Upgrade to versions 2.11.9.6, 3.2.2.1 or above.

Last Modified

2024-02-19

source