Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.
Software | From | Fixed in |
---|---|---|
phpmyadmin / phpmyadmin | 2.6.4 | 2.6.4.x |
phpmyadmin / phpmyadmin | 2.6.4_pl1 | 2.6.4_pl1.x |
phpmyadmin / phpmyadmin | 2.6.4_pl2 | 2.6.4_pl2.x |
phpmyadmin / phpmyadmin | 2.6.4_rc1 | 2.6.4_rc1.x |