ID de Prueba:	1.3.6.1.4.1.25623.1.0.900134
Categoría:	Web application abuses
Título:	phpMyAdmin Cross-Site Scripting Vulnerability
Resumen:	phpMyAdmin is prone to a cross-site scripting (XSS) vulnerability.
Descripción:	Summary: phpMyAdmin is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: Error exists in the PMA_escapeJsString() function in js_escape.lib.php file, which fails to sufficiently sanitize user-supplied data. Vulnerability Impact: Execution of arbitrary HTML and script code will allow attackers to steal cookie-based authentication credentials and to launch other attacks. Affected Software/OS: phpMyAdmin versions prior to 2.11.9.2. Solution: Update to version 2.11.9.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4326 Debian Security Information: DSA-1675 (Google Search) http://www.debian.org/security/2008/dsa-1675 http://jvn.jp/en/jp/JVN54824688/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000061.html http://www.openwall.com/lists/oss-security/2008/09/22/2 http://osvdb.org/48511 http://secunia.com/advisories/31974 http://secunia.com/advisories/31992 http://secunia.com/advisories/32954 http://secunia.com/advisories/33822 SuSE Security Announcement: SUSE-SR:2009:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://www.vupen.com/english/advisories/2008/2657
Copyright	Copyright (C) 2008 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.