phpMyAdmin Print view XSS-Vulnerability

Type: persistent XSSNorman Hippert (wildcat at the-wildcat dot de)

  • Reported: 03.05.2008
  • Published: 06.05.2008
  • Updated: 06.05.2008
  • Affected versions: <= 2.11.6
  • Risk: medium
  • Solution: no solution (upgrade to 2.11.7 if it is available)


There are multiple XSS Vulnerabilities at table print view, database print view and data dictionary.
Table comments are not properly sanitized. This allows an attacker to execute arbitary javascript code
within site context.

This problem also occurs within the tablename at table print view and data dictionary

The attacker needs access to victims database and the CREATE or ALTER TABLE right.
Additionally, the attacker must trick the victim into opening one of the following links:


Important: No url token needed!