Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phpmyadmin | Phpmyadmin | 2.2.0 (including) | 2.2.0 (including) |
| Phpmyadmin | Phpmyadmin | 2.2.7_pl1 (including) | 2.2.7_pl1 (including) |
| Phpmyadmin | Phpmyadmin | 2.5.2_pl1 (including) | 2.5.2_pl1 (including) |
| Phpmyadmin | Phpmyadmin | 2.5.3 (including) | 2.5.3 (including) |
| Phpmyadmin | Phpmyadmin | 2.5.4 (including) | 2.5.4 (including) |
| Phpmyadmin | Phpmyadmin | 2.5.5_pl1 (including) | 2.5.5_pl1 (including) |
| Phpmyadmin | Phpmyadmin | 2.5.6_rc2 (including) | 2.5.6_rc2 (including) |
| Phpmyadmin | Phpmyadmin | 2.5.7_pl1 (including) | 2.5.7_pl1 (including) |
| Phpmyadmin | Phpmyadmin | 2.6.0_pl3 (including) | 2.6.0_pl3 (including) |
| Phpmyadmin | Phpmyadmin | 2.6.1_pl3 (including) | 2.6.1_pl3 (including) |
| Phpmyadmin | Phpmyadmin | 2.6.2_pl1 (including) | 2.6.2_pl1 (including) |
| Phpmyadmin | Phpmyadmin | 2.6.3_pl1 (including) | 2.6.3_pl1 (including) |
| Phpmyadmin | Phpmyadmin | 2.6.4_pl3 (including) | 2.6.4_pl3 (including) |