Re: CVE request: phppgadmin before 5.0.4 XSS
From: Henri Salo <henri () nerv fi>
Date: Fri, 30 Mar 2012 11:47:16 +0300
On Wed, Mar 28, 2012 at 11:09:17PM -0600, Kurt Seifried wrote:
> On 03/28/2012 08:26 AM, Hanno Böck wrote:
>> phppgadmin 5.0.4 fixes an xss, please assign CVE.
>> "Fix XSS in function.php, reported by Mateusz Goik"
> Please use CVE-2012-1600 for this issue. Is there a link for the code
Fix XSS in function.php, reported by Mateusz Goik.
I'm not sure why the name and the type of the functions were not escaped
*on purpose* here. There's no more reason here than in any other place
with other PostgreSQL objects to not escape the name or the type...
- Henri Salo