Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: phppgadmin before 5.0.4 XSS
From: Henri Salo <henri () nerv fi>
Date: Fri, 30 Mar 2012 11:47:16 +0300

On Wed, Mar 28, 2012 at 11:09:17PM -0600, Kurt Seifried wrote:
On 03/28/2012 08:26 AM, Hanno Böck wrote:
phppgadmin 5.0.4 fixes an xss, please assign CVE.

https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0

 "Fix XSS in function.php, reported by Mateusz Goik"


Please use CVE-2012-1600  for this issue. Is there a link for the code
change?

"""
Fix XSS in function.php, reported by Mateusz Goik.

I'm not sure why the name and the type the functions were not escaped
*on purpose* here. There's no more reason here than in any other place
with other PostgreSQL objects to not escape the name or the type...
"""

https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00

- Henri Salo


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]