PublicDate: 2007-10-19 23:17:00 UTC
Candidate: CVE-2007-5589
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5589
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
 certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
 grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
 common.lib.php in libraries/; and certain input available in PHP_SELF and
 (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
 vectors related to (3) REQUEST_URI.
Ubuntu-Description:
Notes:
 wgrant> PMASA-2007-6
Bugs:
 https://bugs.edge.launchpad.net/ubuntu/+source/phpmyadmin/+bug/162599
Priority: low
Discovered-by:
Assigned-to: fujitsu
CVSS: 
upstream_phpmyadmin: released (2.11.1.2)
dapper_phpmyadmin: ignored (reached end-of-life)
edgy_phpmyadmin: needed (reached end-of-life)
feisty_phpmyadmin: released (4:2.9.1.1-2ubuntu1.1)
gutsy_phpmyadmin: released (4:2.10.3-1ubuntu0.1)
hardy_phpmyadmin: not-affected
intrepid_phpmyadmin: not-affected
jaunty_phpmyadmin: not-affected
karmic_phpmyadmin: not-affected
devel_phpmyadmin: not-affected