Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase end tag, which bypasses the protection against lowercase .
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phpmyadmin | Phpmyadmin | 2.8.0 (including) | 2.8.0 (including) |
| Phpmyadmin | Phpmyadmin | 2.8.0.1 (including) | 2.8.0.1 (including) |
| Phpmyadmin | Phpmyadmin | 2.8.0.2 (including) | 2.8.0.2 (including) |
| Phpmyadmin | Phpmyadmin | 2.8.0.3 (including) | 2.8.0.3 (including) |
| Phpmyadmin | Phpmyadmin | 2.8.1 (including) | 2.8.1 (including) |
| Phpmyadmin | Phpmyadmin | 2.8.1_dev (including) | 2.8.1_dev (including) |
| Phpmyadmin | Phpmyadmin | 2.8.2 (including) | 2.8.2 (including) |
| Phpmyadmin | Phpmyadmin | 2.8.3 (including) | 2.8.3 (including) |
| Phpmyadmin | Phpmyadmin | 2.8.4 (including) | 2.8.4 (including) |
| Phpmyadmin | Phpmyadmin | 2.9 (including) | 2.9 (including) |
| Phpmyadmin | Phpmyadmin | 2.9.0 (including) | 2.9.0 (including) |
| Phpmyadmin | Phpmyadmin | 2.9.0.1 (including) | 2.9.0.1 (including) |
| Phpmyadmin | Phpmyadmin | 2.9.0.2 (including) | 2.9.0.2 (including) |
| Phpmyadmin | Phpmyadmin | 2.9.0.3 (including) | 2.9.0.3 (including) |
| Phpmyadmin | Phpmyadmin | 2.9.0_beta1 (including) | 2.9.0_beta1 (including) |
| Phpmyadmin | Phpmyadmin | 2.9.0_dev (including) | 2.9.0_dev (including) |
| Phpmyadmin | Phpmyadmin | 2.9.0_rc1 (including) | 2.9.0_rc1 (including) |
| Phpmyadmin | Phpmyadmin | 2.9.1 (including) | 2.9.1 (including) |
| Phpmyadmin | Phpmyadmin | 2.9.1.1 (including) | 2.9.1.1 (including) |
| Phpmyadmin | Phpmyadmin | 2.9.1_rc1 (including) | 2.9.1_rc1 (including) |
| Phpmyadmin | Phpmyadmin | 2.9.1_rc2 (including) | 2.9.1_rc2 (including) |
| Phpmyadmin | Phpmyadmin | 2.9.2 (including) | 2.9.2 (including) |