error.php in PhpMyAdmin 3.3.8.1, and other versions prior to 3.4.0-beta1, allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpmyadmin phpmyadmin 3.3.9.0 |
||
phpmyadmin phpmyadmin 3.3.8.1 |