{"id":"CVE-2007-2245","details":"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.","modified":"2026-04-10T03:38:49.419752Z","published":"2007-04-25T16:19:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/24952"},{"type":"ADVISORY","url":"http://secunia.com/advisories/26733"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:199"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2007/1508"},{"type":"WEB","url":"http://osvdb.org/35050"},{"type":"WEB","url":"http://www.phpmyadmin.net/ChangeLog.txt"},{"type":"WEB","url":"http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0"},{"type":"WEB","url":"http://www.us.debian.org/security/2007/dsa-1370"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/33898"}],"schema_version":"1.7.5"}