Cross-Site Scripting Vulnerabilities in MySQL Lite Administrator by MySQL
CVE-2015-5064

Currently unrated

Key Information:

Vendor

Mysql-lite-administrator Project

Status
Mysql-lite-administrator
Vendor
CVE Published:
24 June 2015

What is CVE-2015-5064?

MySQL Lite Administrator beta-1 contains multiple cross-site scripting vulnerabilities that enable remote attackers to inject arbitrary web scripts or HTML. This is achieved via the 'table_name' parameter in the files tabella.php, coloni.php, insert.php, and the 'num_row' parameter in coloni.php. Attackers exploiting these vulnerabilities can execute malicious scripts in the context of the user's browser, potentially compromising sensitive information.

References

http://www.securityfocus.com/bid/75397
vdb-entryx_refsource_BID
http://packetstormsecurity.com/files/132420/MySQL-Lite-Ad...
x_refsource_MISC
http://www.securityfocus.com/archive/1/535809/100/0/threaded
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.