Summary: | <dev-db/phpmyadmin-{4.1.14.2,4.2.7}: XSS (CVE-2014-{4348,4349}) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | a3li, cyberbat83, jmbsvicetto |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.phpmyadmin.net/home_page/security/ | | |
Whiteboard: | B4 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 520142 | | |
Bug Blocks: | | | |

Description
Hanno Böck
2014-06-24 11:04:15 UTC
CVE-2014-4349 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4349): Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.

CVE-2014-4348 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4348): Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.

12:34 < irker982> gentoo-x86: jmbsvicetto dev-db/phpmyadmin: Bump to versions 4.0.10.1, 4.1.14.2 and 4.2.7. Fixes bug 514894, 517858 and 519342.

4.1.14.2 and 4.2.7 are now in the tree. Stabilization is happening as part of bug 517858.

A new vulnerability has been found, and the new versions come with this. No Stabilization needs to happen as part of this bug, moving it to Bug 520142, and setting it as blocker.

Vulnerable Versions not in Tree anymore. Closing no GLSA for Cross Site Scripting.