CVE-2011-3598

Name of the Vulnerable Software and Affected Versions phpPgAdmin versions prior to 5.0.3

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerabilities are related to (1) a web page title in classes/Misc.php, or the (2) return url or (3) return desc parameter to "display.php".

Recommendations For versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "display.php" endpoint and validating user input for the return url and return desc parameters to minimize the risk of exploitation.