VYPR
← All advisories
Low severityNVD Advisory· Published Dec 26, 2014· Updated May 6, 2026

CVE-2011-3591

CVE-2011-3591

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
phpmyadmin/phpmyadminPackagist
>= 3.4.0, < 3.4.53.4.5

Affected products

7
  • PhpMyAdmin/phpMyAdmin7 versions
    cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.4.0:*:*:*:*:*:*:*

Patches

1
bda213c58aec

Escape HTML in js-generated confirmation messages

https://github.com/phpmyadmin/phpmyadminMarc DelisleSep 8, 2011via ghsa
commit
3 files changed · +17 5
  • ChangeLog+2 1 modified
    @@ -11,6 +11,8 @@ phpMyAdmin - ChangeLog
 - [export] Remove native Excel export modules (xls and xlsx formats)
 - [import] Remove native Excel import modules (xls and xlsx formats)
 - bug #3392920 [edit] BLOB emptied after editing another column
+- [security] Fixed XSS in Inline Edit on save action, see PMASA-2011-14
+- [security] Fixed XSS with db/table/column names, see PMASA-2011-14 
 
 3.4.4.0 (2011-08-24)
 - bug #3323060 [parser] SQL parser breaks AJAX requests if query has unclosed quotes
@@ -31,7 +33,6 @@ phpMyAdmin - ChangeLog
 - bug #3374347 [display] Backquotes in normal text on import page
 - bug #3358750 [core] With Suhosin, urls are too long in edit links
 - [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13
-- [security] Fixed XSS in Inline Edit on save action
 
 3.4.3.2 (2011-07-23)
 - [security] Fixed XSS vulnerability, see PMASA-2011-9
  • js/functions.js+13 2 modified
    @@ -172,7 +172,7 @@ function selectContent( element, lock, only_once ) {
 }
 
 /**
- * Displays a confirmation box before to submit a "DROP/DELETE/ALTER" query.
+ * Displays a confirmation box before submitting a "DROP/DELETE/ALTER" query.
  * This function is called while clicking links
  *
  * @param   object   the link
@@ -1657,7 +1657,7 @@ $(document).ready(function() {
         /**
          * @var question    String containing the question to be asked for confirmation
          */
-        var question = PMA_messages['strDropDatabaseStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'DROP DATABASE ' + window.parent.db;
+        var question = PMA_messages['strDropDatabaseStrongWarning'] + '\n' + PMA_messages['strDoYouReally'] + ' :\n' + 'DROP DATABASE ' + escapeHtml(window.parent.db);
 
         $(this).PMA_confirm(question, $(this).attr('href') ,function(url) {
 
@@ -2287,3 +2287,14 @@ $(document).ready(function() {
 
 }) // end of $(document).ready()
 
+/**
+ * HTML escaping
+ */
+function escapeHtml(unsafe) {
+    return unsafe
+        .replace(/&/g, "&amp;")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/"/g, "&quot;")
+        .replace(/'/g, "&#039;");
+}
  • js/tbl_structure.js+2 2 modified
    @@ -44,7 +44,7 @@ $(document).ready(function() {
         /**
          * @var question    String containing the question to be asked for confirmation
          */
-        var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + curr_table_name + '` DROP `' + curr_column_name + '`';
+        var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + escapeHtml(curr_table_name) + '` DROP `' + escapeHtml(curr_column_name) + '`';
 
         $(this).PMA_confirm(question, $(this).attr('href'), function(url) {
 
@@ -83,7 +83,7 @@ $(document).ready(function() {
         /**
          * @var question    String containing the question to be asked for confirmation
          */
-        var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + curr_table_name + '` ADD PRIMARY KEY(`' + curr_column_name + '`)';
+        var question = PMA_messages['strDoYouReally'] + ' :\n ALTER TABLE `' + escapeHtml(curr_table_name) + '` ADD PRIMARY KEY(`' + escapeHtml(curr_column_name) + '`)';
 
         $(this).PMA_confirm(question, $(this).attr('href'), function(url) {

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

6

News mentions

0

No linked articles in our index yet.