oss-sec mailing list archives

CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8

From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 9 Apr 2013 14:01:24 +0200

Hi Kurt

New phpMyAdmin release (3.5.8) contains the following changelog entry:

3.5.8.0 (2013-04-08)
- bug #3828 MariaDB reported as MySQL
- bug #3854 Incorrect header for Safari 6.0
- bug #3705 Attempt to open trigger for edit gives NULL
- Use HTML5 DOCTYPE 
- [security] Self-XSS on GIS visualisation page, reported by Janek Vind
- bug #3800 Incorrect keyhandler behaviour #2

refering to a XSS vulnerability on the GIS visualisation page. [1] is
the reference by Janek Vind, upstream commit afaics [2].

 [1]: http://seclists.org/fulldisclosure/2013/Apr/100
 [2]: https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a

Could a CVE be assigned to this issue?

Regards,
Salvatore

Current thread:

CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8 Salvatore Bonaccorso (Apr 09)
- Re: CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8 Kurt Seifried (Apr 09)