CVE-2005-2869

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions prior to 2.6.4

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This can be achieved via the username variable to libraries/auth/cookie.auth.lib.php or the error parameter to error.php.

Recommendations For versions prior to 2.6.4, update to version 2.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the libraries/auth/cookie.auth.lib.php and error.php files to minimize the risk of exploitation. Avoid using the username variable in the affected libraries/auth/cookie.auth.lib.php file and the error parameter in the error.php file until the issue is resolved.