List: oss-security
Subject: Re: [oss-security] CVE request: phppgadmin before 5.0.4 XSS
From: Henri Salo <henri () nerv ! fi>
Date: 2012-03-30 8:47:16
Message-ID: 20120330084716.GA16472 () kludge ! henri ! nerv ! fi
On Wed, Mar 28, 2012 at 11:09:17PM -0600, Kurt Seifried wrote:
> On 03/28/2012 08:26 AM, Hanno Böck wrote:
> > phppgadmin 5.0.4 fixes an xss, please assign CVE.
> >
> > https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0
> >
> > "Fix XSS in function.php, reported by Mateusz Goik"
> >
>
> Please use CVE-2012-1600 for this issue. Is there a link for the code
> change?
"""
Fix XSS in function.php, reported by Mateusz Goik.
I'm not sure why the name and the type the functions were not escaped
*on purpose* here. There's no more reason here than in any other place
with other PostgreSQL objects to not escape the name or the type...
"""
https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00
- Henri Salo