PublicDate: 2007-08-13 21:17:00 UTC
Candidate: CVE-2007-4306
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4306
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3
 allow remote attackers to inject arbitrary web script or HTML via the (1)
 unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php;
 the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6)
 username parameter to (c) server_privileges.php; or the (7) sql_query
 parameter to (d) main.php.  NOTE: vector 5 might be a regression or
 incomplete fix for CVE-2006-6942.7.
Ubuntu-Description: 
Notes: 
 fujitsu> Not exploitable, as knowledge of the session token is required.
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs: 
dapper_phpmyadmin: ignored
edgy_phpmyadmin: ignored
feisty_phpmyadmin: ignored
gutsy_phpmyadmin: ignored
devel_phpmyadmin: ignored
upstream_phpmyadmin: ignored