6.8

CVE-2006-6942

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpmyadminPhpmyadmin Version <= 2.9.1
PhpmyadminPhpmyadmin Version2.9.0
PhpmyadminPhpmyadmin Version2.9.0.1
PhpmyadminPhpmyadmin Version2.9.0.2
PhpmyadminPhpmyadmin Version2.9.0.3
PhpmyadminPhpmyadmin Version2.9.0_beta1
PhpmyadminPhpmyadmin Version2.9.0_rc1
PhpmyadminPhpmyadmin Version2.9.1_rc1
PhpmyadminPhpmyadmin Version2.9.1_rc2
DebianDebian Linux Version3.1
DebianDebian Linux Version4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.92% 0.826
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securityfocus.com/bid/21137
Third Party Advisory
VDB Entry