Summary: | <dev-db/phpmyadmin-3.4.9 Various XSS (CVE-2011-{4780,4782}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Harrison <n0idx80> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | a3li, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://sourceforge.net/news/?group_id=23067&id=305263 | ||
Whiteboard: | B4 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 389427 |
Description
Michael Harrison
2011-12-22 19:53:32 UTC
There's also http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php:
Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections.

Arches, please test and mark stable:
=dev-db/phpmyadmin-3.4.9
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"

amd64 stable

x86 stable

amd64 stable

Stable for HPPA.

ppc/ppc64 done

CVE-2011-4782 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4782):
Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

alpha/sparc/x86 stable

Thanks, folks. Closing noglsa for XSS.

CVE-2011-4780 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4780):
Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.

This issue was resolved and addressed in GLSA 201201-01 at http://security.gentoo.org/glsa/glsa-201201-01.xml by GLSA coordinator Tim Sammut (underling).