Upstream information

CVE-2005-3665 at MITRE

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.3
Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entry: 137797 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 10.0
SUSE LINUX 9.1 for IA32
SUSE LINUX 9.1 for x86-64
SUSE LINUX 9.2
SUSE LINUX 9.3
  • phpMyAdmin >= 2.7.0pl2-1.2
SuSE Linux 9.0 for AMD64
SuSE Linux 9.0 for IA32
  • phpMyAdmin >= 2.7.0pl2-3