List: oss-security
Subject: Re: [oss-security] CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PM
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-09-30 17:43:00
Message-ID: ab2adc9a-dfc4-466e-8687-6b1ebbd815d5 () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
Sorry this took so long, it's been a wild couple of weeks.
----- Original Message -----
> Hello Josh, Steve, vendors,
>
> multiple XSS flaws have been recently reported in the v3.4.4 (and
> earlier 3.4.X) version of phpMyAdmin (PMASA-2011-14):
>
> [1] http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php
>
> 1) An XSS flaw was found in the way phpMyAdmin processed row content,
> containing JavaScript code, after its inline editing and saving,
Use CVE-2011-3591
>
> 2) It was found that phpMyAdmin did not properly sanitize the content of
> db, table, and column names prior to use of their values.
Use CVE-2011-3592
>
> A remote attacker could use these flaws to conduct XSS attacks (execute
> arbitrary HTML or web script) by tricking an authenticated phpMyAdmin user
> into visiting a specially-crafted URL.
>
> References:
> [2] http://secunia.com/advisories/45991/
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=738681
Thanks.
--
JB