Launchpad.net

CVE 2007-1395

Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.

Related bugs and status

CVE-2007-1395 (Candidate) is related to these bugs:

Bug #162599: few serious security issues for phpMyAdmin

		In	Importance	Status
162599	few serious security issues for phpMyAdmin	phpmyadmin (Ubuntu)	Undecided	Fix Released
162599	few serious security issues for phpMyAdmin	phpmyadmin (Ubuntu Dapper)	Undecided	Won't Fix
162599	few serious security issues for phpMyAdmin	phpmyadmin (Ubuntu Edgy)	Undecided	Won't Fix
162599	few serious security issues for phpMyAdmin	phpmyadmin (Ubuntu Gutsy)	Undecided	Fix Released
162599	few serious security issues for phpMyAdmin	phpmyadmin (Ubuntu Hardy)	Undecided	Fix Released
162599	few serious security issues for phpMyAdmin	phpmyadmin (Ubuntu Feisty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.virtuax.be/...
SREASON: 2402
DEBIAN: DSA-1370
SECUNIA: 26733
MANDRIVA: MDKSA-2007:199
OSVDB: 35048
XF: phpmyadmin-dbtable-xss...
BUGTRAQ: 20070307 xss in phpmya...