Hi, i'm not absolutely sure but from what i can see the:
gb_phpmyadmin_xss_vuln_dec14.nasl NVT is producing a false positive on a patched 4:4.2.12-2 version in Debian Jessie (Not vulnerable according to https://security-tracker.debian.org/tracker/CVE-2014-9219): <head/><script type='text/javascript'>window.onload=function(){window.location='http://example.com/\';alert(document.cookies);a=\'';}</script>Taking you to http://example.com/';alert(document.cookies);a='. As the ' gets escaped by a \ in the javascript code i'm not able to trigger the XSS here. Could some one have a closer look at this? Thanks. Regards, Chris _______________________________________________ Openvas-plugins mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
