phpMyAdmin 2.x - 'error.php' Cross-Site Scripting
| EKU-ID: 31526 | CVE: CVE-2005-2869;OSVDB-19048 | OSVDB-ID: |
| Author: Michal Cihar | Published: 2005-08-28 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 31526 | CVE: CVE-2005-2869;OSVDB-19048 | OSVDB-ID: |
| Author: Michal Cihar | Published: 2005-08-28 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/14675/info
phpMyAdmin is prone to a cross-site scripting vulnerability.
This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the software. Such an attack would require that the victim follows a malicious link that includes hostile HTML and script code.
/error.php?error=%3Cscript%3Ewindow.alert('a')%3C/script%3E