CVE-2006-6942

Priority
Untriaged
Description
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before
2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via
(1) a comment for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter to
db_operations.php, the (4) query_history_latest, (5)
query_history_latest_db, and (6) querydisplay_tab parameters to (c)
querywindow.php, and (7) the pos parameter to (d) sql.php.
References
Notes
 PMASA-2006-7
Package
Upstream:released (2.9.1.1)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:28:49 UTC (commit 9756)