Cross-site scripting in phpMyAdmin - CVE-2017-1000015

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters

How to mitigate CVE-2017-1000015

Sources

• http://www.securityfocus.com/bid/95726
• https://www.phpmyadmin.net/security/PMASA-2017-4