phpMyAdmin Print view XSS-Vulnerability
- Reported: 03.05.2008
- Published: 06.05.2008
- Updated: 06.05.2008
- Affected versions: <= 2.11.6
- Risk: medium
- Solution: no solution (upgrade to 2.11.7 if it is available)
Description
There are multiple XSS vulnerabilities in the table print view, the database print view and the data dictionary.
Table comments are not properly sanitized. This allows an attacker to execute arbitrary JavaScript code
in the context of the site.
The same problem also affects the table name in the table print view and in the data dictionary.
The attacker needs access to the victim's database and the CREATE or ALTER TABLE privilege.
Additionally, the attacker must trick the victim into opening one of the following links:
- tbl_printview.php?db=database&table=attack_table&goto=tbl_structure.php&back=tbl_structure.php
- db_printview.php?db=database&goto=db_structure.php&back=db_structure.php
- db_datadict.php?db=database
Important: no URL token is needed for these requests!
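The root cause described above is stored metadata (table comments and table names) being written into the print view HTML without escaping. The following PHP is an added illustration written for this advisory, not phpMyAdmin's own code: it places the unescaped rendering pattern beside the hardened form, using htmlspecialchars() for an HTML text context. The table name, comment and the renderComment*/renderPrintView function names are constructed sample values, not identifiers from phpMyAdmin.

```php
<?php
// Added example for the advisory above, not phpMyAdmin code.
// Shows why unescaped table metadata leads to XSS and how escaping fixes it.
declare(strict_types=1);

// Escape a value for insertion into an HTML text or attribute context.
// ENT_QUOTES also converts single quotes, which matters inside attributes.
function htmlEscape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored comment is interpolated into markup as-is,
// so markup stored via COMMENT='...' becomes part of the page.
function renderCommentUnsafe(string $tableName, string $comment): string
{
    return "<tr><td>{$tableName}</td><td>{$comment}</td></tr>";
}

// Hardened pattern: both the table name and the comment are escaped,
// so any stored markup is displayed as text instead of being executed.
function renderCommentSafe(string $tableName, string $comment): string
{
    return '<tr><td>' . htmlEscape($tableName) . '</td><td>'
         . htmlEscape($comment) . '</td></tr>';
}

// Render a minimal print view table from a list of [name, comment] pairs.
function renderPrintView(array $tables, bool $escape): string
{
    $rows = '';
    foreach ($tables as [$name, $comment]) {
        $rows .= $escape
            ? renderCommentSafe($name, $comment)
            : renderCommentUnsafe($name, $comment);
    }
    return "<table>{$rows}</table>";
}

// Constructed sample metadata: one ordinary table and one whose comment
// contains markup, as an account with CREATE/ALTER TABLE rights could store.
$sampleTables = [
    ['orders',  'Customer orders'],
    ['attack_table', 'notes <script>alert(1)</script>'],
];

echo "Unescaped (vulnerable):\n";
echo renderPrintView($sampleTables, false), "\n\n";
echo "Escaped (hardened):\n";
echo renderPrintView($sampleTables, true), "\n";
```

Running the file with `php` prints the two renderings: in the first, the `<script>` element from the comment is emitted verbatim into the page; in the second it appears as `&lt;script&gt;...` and is shown as literal text. The same escaping must be applied wherever the table name from the `table=` parameter is reflected, and the print view endpoints should require the same URL token as the rest of the application so that the crafted links cannot be opened without it.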