Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14)
From: Josh Bressers <bressers () redhat com>
Date: Fri, 30 Sep 2011 13:43:00 -0400 (EDT)

Sorry this took so long, it's been a wild couple of weeks.

----- Original Message -----
Hello Josh, Steve, vendors,

multiple XSS flaws have been recently reported in the v3.4.4 (and
earlier 3.4.X) version of phpMyAdmin (PMASA-2011-14):

1) An XSS flaw was found in the way phpMyAdmin processed row content,
2) It was found that phpMyAdmin did not properly sanitize the content of
   db, table, and column names prior to use of their values.

A remote attacker could use these flaws to conduct XSS attacks (execute
arbitrary HTML or web script) by tricking an authenticated phpMyAdmin user
into visiting a specially-crafted URL.