phpMyAdmin 3.5.x prior to 3.5.3 uses JavaScript code that is obtained through an HTTP session to phpmyadmin.net without SSL, which allows man-in-the-middle malicious users to conduct cross-site scripting (XSS) attacks by modifying this code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpmyadmin phpmyadmin 3.5.0.0 |
||
phpmyadmin phpmyadmin 3.5.1.0 |
||
phpmyadmin phpmyadmin 3.5.2.0 |
||
phpmyadmin phpmyadmin 3.5.2.1 |
||
phpmyadmin phpmyadmin 3.5.2.2 |