Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 up to and including 2.9.2 allows remote malicious users to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpmyadmin phpmyadmin 2.8.0 |
||
phpmyadmin phpmyadmin 2.8.4 |
||
phpmyadmin phpmyadmin 2.9 |
||
phpmyadmin phpmyadmin 2.9.0_rc1 |
||
phpmyadmin phpmyadmin 2.9.1 |
||
phpmyadmin phpmyadmin 2.8.2 |
||
phpmyadmin phpmyadmin 2.8.3 |
||
phpmyadmin phpmyadmin 2.9.0_beta1 |
||
phpmyadmin phpmyadmin 2.9.0_dev |
||
phpmyadmin phpmyadmin 2.8.0.3 |
||
phpmyadmin phpmyadmin 2.8.1 |
||
phpmyadmin phpmyadmin 2.8.1_dev |
||
phpmyadmin phpmyadmin 2.9.0.2 |
||
phpmyadmin phpmyadmin 2.9.0.3 |
||
phpmyadmin phpmyadmin 2.9.1_rc2 |
||
phpmyadmin phpmyadmin 2.9.2 |
||
phpmyadmin phpmyadmin 2.8.0.1 |
||
phpmyadmin phpmyadmin 2.8.0.2 |
||
phpmyadmin phpmyadmin 2.9.0 |
||
phpmyadmin phpmyadmin 2.9.0.1 |
||
phpmyadmin phpmyadmin 2.9.1.1 |
||
phpmyadmin phpmyadmin 2.9.1_rc1 |