Launchpad CVE tracker

CVE 2009-3696

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.

Related bugs and status

CVE-2009-3696 (Candidate) is related to these bugs:

Bug #392324: CVE-2009-1285: Insufficient output sanitizing when generating configuration file

		In	Importance	Status
392324	CVE-2009-1285: Insufficient output sanitizing when generating configuration file	phpmyadmin (Ubuntu)	Medium	Invalid
392324	CVE-2009-1285: Insufficient output sanitizing when generating configuration file	phpmyadmin (Ubuntu Jaunty)	Medium	Fix Released
392324	CVE-2009-1285: Insufficient output sanitizing when generating configuration file	phpmyadmin (Ubuntu Karmic)	Medium	Invalid

Bug #450505: Please sync phpmyadmin with debian unstable (3.2.2-1)

Summary				In	Importance	Status
	450505	Please sync phpmyadmin with debian unstable (3.2.2-1)		phpmyadmin (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-3696

References