oss-sec mailing list archives

Re: CVE request: phppgadmin before 5.0.4 XSS
From: Henri Salo <henri () nerv fi>
Date: Fri, 30 Mar 2012 11:47:16 +0300

On Wed, Mar 28, 2012 at 11:09:17PM -0600, Kurt Seifried wrote:
> On 03/28/2012 08:26 AM, Hanno Böck wrote:
>> phppgadmin 5.0.4 fixes an xss, please assign CVE.
>>
>> "Fix XSS in function.php, reported by Mateusz Goik"
>
> Please use CVE-2012-1600 for this issue. Is there a link for the code

Fix XSS in function.php, reported by Mateusz Goik.

I'm not sure why the name and the type of the functions were not escaped
*on purpose* here. There's no more reason here than in any other place
with other PostgreSQL objects to not escape the name or the type...


- Henri Salo
