Cross-Site Scripting Vulnerabilities in phpPgAdmin by phpPgAdmin
CVE-2011-3598

Currently unrated

Key Information:

Vendor: PHPpgadmin
Status: PHPpgadmin
Vendor: CVE Published:; 8 October 2011

What is CVE-2011-3598?

phpPgAdmin prior to version 5.0.3 contains multiple cross-site scripting vulnerabilities. Attackers can exploit these flaws by injecting arbitrary web scripts or HTML code into the application through manipulated web page titles or via query parameters such as return_url and return_desc in display.php. Successful exploitation may lead to the execution of malicious scripts in the context of users interacting with the compromised application, potentially compromising sensitive user data and session information.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://secunia.com/advisories/46426

third-party-advisoryx_refsource_SECUNIA

http://sourceforge.net/mailarchive/forum.php?thread_name=...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Oct 8, 2011
Vulnerability Reserved
Sep 21, 2011

JSON

PHPpgadmin

What is CVE-2011-3598?

References

Timeline