CVE-2007-1395
phpMyAdmin 2.8.0-2.9.2 - Cross-Site Scripting via Uppercase Script Tag Bypass
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.
References (8)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32858 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf)
http://secunia.com/advisories/26733 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://osvdb.org/35048 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_osvdb)
http://securityreason.com/securityalert/2402 (Third Party Advisory; third-party-advisory; x_refsource_sreason)
http://www.virtuax.be/advisories/Advisory2-24012007.txt (Exploit, Vendor Advisory; x_refsource_misc)
http://www.us.debian.org/security/2007/dsa-1370 (Third Party Advisory; vendor-advisory; x_refsource_debian)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:199 (Vendor Advisory; vendor-advisory; x_refsource_mandriva)
http://www.securityfocus.com/archive/1/462139/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
Scores
EPSS: 0.0238
EPSS Percentile: 85.2%
Details
Status: published
Products (22)
phpmyadmin/phpmyadmin 2.8.0
phpmyadmin/phpmyadmin 2.8.0.1
phpmyadmin/phpmyadmin 2.8.0.2
phpmyadmin/phpmyadmin 2.8.0.3
phpmyadmin/phpmyadmin 2.8.1
phpmyadmin/phpmyadmin 2.8.1_dev
phpmyadmin/phpmyadmin 2.8.2
phpmyadmin/phpmyadmin 2.8.3
phpmyadmin/phpmyadmin 2.8.4
phpmyadmin/phpmyadmin 2.9
... and 12 more
Published: Mar 10, 2007
Tracked Since: Feb 18, 2026