Comment 1 Agostino Sarubbo 2012-04-03 16:05:19 UTC

Description
A vulnerability has been reported in phpPgAdmin, which can be exploited by malicious users to conduct script insertion attacks.

Certain unspecified input related to functions is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is reported in version 5.0.3. Prior versions may also be affected.


Solution
Update to version 5.0.4.

Comment 2 Aaron W. Swenson 2012-06-08 17:06:09 UTC

*phppgadmin-5.0.4 (08 Jun 2012)

  08 Jun 2012; Aaron W. Swenson <titanofold@gentoo.org>
  +phppgadmin-5.0.4.ebuild:
  Version bump.

Comment 3 Jeroen Roovers (RETIRED) 2012-06-09 14:08:01 UTC

Arch teams, please test and mark stable:
=dev-db/phppgadmin-5.0.4
Target KEYWORDS="amd64 hppa ppc x86"

Comment 4 Agostino Sarubbo 2012-06-11 09:20:11 UTC

amd64 stable

Comment 5 Jeroen Roovers (RETIRED) 2012-06-11 11:16:53 UTC

Stable for HPPA.

Comment 6 Andreas Schürch 2012-06-13 11:59:55 UTC

x86 stable, thanks

Comment 7 Michael Weber (RETIRED) 2012-07-08 21:00:34 UTC

ppc stable, last arch.

Comment 8 Agostino Sarubbo 2012-07-08 21:05:54 UTC

@security: please vote

Comment 9 Tim Sammut (RETIRED) 2012-08-14 05:46:28 UTC

Thanks, folks. Closing noglsa for XSS.