XSS Vulnerability in phpPgAdmin Affected by Malicious Script Injection
CVE-2007-2865

Currently unrated

Key Information:

Vendor

PHPpgadmin

Status
PHPpgadmin
Vendor
CVE Published:
25 May 2007

What is CVE-2007-2865?

The cross-site scripting (XSS) vulnerability found in phpPgAdmin 4.1.1's sqledit.php file can be exploited by remote attackers to inject arbitrary HTML or web scripts. This occurs when the 'server' parameter is manipulated, allowing attackers to execute harmful scripts within the context of a user's browser, potentially leading to various security risks, including unauthorized access to sensitive information. It's crucial for users to apply necessary security updates to mitigate the risk posed by this vulnerability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34456
vdb-entryx_refsource_XF
http://osvdb.org/38138
vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/27756
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.