Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpmyadmin | Phpmyadmin | 2.6.4_pl1 (including) | 2.6.4_pl1 (including) |
Phpmyadmin | Phpmyadmin | 2.6.4_pl3 (including) | 2.6.4_pl3 (including) |
Phpmyadmin | Phpmyadmin | 2.6.4_pl4 (including) | 2.6.4_pl4 (including) |
Phpmyadmin | Phpmyadmin | 2.6.4_rc1 (including) | 2.6.4_rc1 (including) |
Phpmyadmin | Phpmyadmin | 2.7 (including) | 2.7 (including) |
Phpmyadmin | Phpmyadmin | 2.7.0_beta1 (including) | 2.7.0_beta1 (including) |
Phpmyadmin | Phpmyadmin | 2.7_pl1 (including) | 2.7_pl1 (including) |
Phpmyadmin | Phpmyadmin | 2.8.1 (including) | 2.8.1 (including) |
Phpmyadmin | Phpmyadmin | 2.8.2 (including) | 2.8.2 (including) |
Phpmyadmin | Phpmyadmin | 2.8.3 (including) | 2.8.3 (including) |
Phpmyadmin | Phpmyadmin | 2.8.4 (including) | 2.8.4 (including) |
Phpmyadmin | Phpmyadmin | 2.9 (including) | 2.9 (including) |
Phpmyadmin | Phpmyadmin | 2.9.1 (including) | 2.9.1 (including) |
Phpmyadmin | Phpmyadmin | 2.9.2 (including) | 2.9.2 (including) |
Phpmyadmin | Phpmyadmin | 2.9_rc1 (including) | 2.9_rc1 (including) |
Phpmyadmin | Ubuntu | dapper | * |
Phpmyadmin | Ubuntu | edgy | * |
Phpmyadmin | Ubuntu | upstream | * |