phpMyAdmin < 2.6.4-RC1 XSS (deprecated)

Nessus Network Monitor Plugin ID 3193 (Severity: Low)

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack

Description

The version of phpMyAdmin installed on the remote host may suffer from two cross-site scripting vulnerabilities: it fails to sanitize user input passed to the 'error' parameter of the 'error.php' script, and it fails to sanitize user input handled in 'libraries/auth/cookie.auth.lib.php'. A remote attacker may use these vulnerabilities to cause arbitrary HTML and script code to be executed in a user's browser within the context of the affected application.
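The flaw class described here is reflected XSS: a request parameter is copied into the HTML response without output encoding. The following PHP is an added illustration of that pattern and its fix; it is not phpMyAdmin's code, and the function names, the page layout and the sample input are constructed for this example. Only the parameter name 'error' comes from the advisory.

```php
<?php
// Added example, not phpMyAdmin's code. Function names and the surrounding
// markup are hypothetical; the 'error' parameter name is from the advisory.

// Vulnerable pattern: the request parameter is reflected straight into HTML,
// so any markup in the value becomes part of the page.
function render_error_vulnerable(array $get): string
{
    $msg = $get['error'] ?? 'Unknown error';
    return '<p class="error">' . $msg . '</p>';
}

// Hardened pattern: encode for the HTML text context at the point of output.
// ENT_QUOTES encodes both quote styles (safe if the value later lands in an
// attribute), ENT_SUBSTITUTE replaces invalid byte sequences instead of
// returning an empty string, and the charset is stated explicitly so a
// mismatched default encoding cannot confuse the encoder.
function render_error_safe(array $get): string
{
    $msg = $get['error'] ?? 'Unknown error';
    $safe = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<p class="error">' . $safe . '</p>';
}

// Constructed sample request containing the characters that matter for HTML
// context: angle brackets, an ampersand and both quote styles.
$sample = ['error' => '<i>not</i> a "plain" & \'simple\' message'];

echo "vulnerable: ", render_error_vulnerable($sample), PHP_EOL;
echo "hardened:   ", render_error_safe($sample), PHP_EOL;
```

In the vulnerable output the `<i>` tag is live markup; in the hardened output every special character is an entity and the browser renders the value as inert text. Encoding at output time, for the specific context (HTML body, attribute, JavaScript string), is the mitigation that closes this class of bug regardless of how the value reached the script; input filtering alone is not sufficient.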

Solution

Upgrade to version 2.6.4-RC1 or higher.

See Also

http://sourceforge.net/tracker/index.php?func=detail&aid=1265740&group_id=23067&atid=377408

http://sourceforge.net/tracker/index.php?func=detail&aid=1240880&group_id=23067&atid=377408

Plugin Details

Severity: Low

ID: 3193

Family: CGI

Published: 8/29/2005

Updated: 3/6/2019

Nessus ID: 19519

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.6

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:phpmyadmin:phpmyadmin

Reference Information

CVE: CVE-2005-2869

BID: 14674, 14675