Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpmyadmin | Phpmyadmin | 2.10.1.0 |
References
- http://osvdb.org/35050
- http://secunia.com/advisories/24952Vendor Advisory
- http://secunia.com/advisories/26733
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:199
- http://www.phpmyadmin.net/ChangeLog.txt
- http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
- http://www.us.debian.org/security/2007/dsa-1370
- http://www.vupen.com/english/advisories/2007/1508
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33898
- http://osvdb.org/35050
- http://secunia.com/advisories/24952Vendor Advisory
- http://secunia.com/advisories/26733
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:199
- http://www.phpmyadmin.net/ChangeLog.txt
- http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
FAQ
What is CVE-2007-2245?
CVE-2007-2245 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php ...
How severe is CVE-2007-2245?
CVE-2007-2245 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2245?
Check the references section above for vendor advisories and patch information. Affected products include: Phpmyadmin Phpmyadmin.