CVE-2008-4326
EPSS 0.43%phpmyadmin - cross site scripting
Published: 9/30/2008Modified: 5/7/2026
Description
The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.
Affected packages (2)
- Debian/phpmyadminfrom 0, < 4:2.11.8.1-3
- Debian/phpmyadminfrom 0, < 4:2.9.1.1-9