Sorry this took so long, it's been a wild couple of weeks.
----- Original Message -----
> Hello Josh, Steve, vendors,
> multiple XSS flaws have been recently reported in the v3.4.4 (and
> earlier 3.4.X) version of phpMyAdmin (PMASA-2011-14):
>  http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php
> 1) An XSS flaw was found in the way phpMyAdmin processed row content,
> 2) It was found that phpMyAdmin did not properly sanitize the content of
> db, table, and column names prior to use of their values.
> A remote attacker could use these flaws to conduct XSS attacks (execute
> arbitrary HTML or web script) by tricking an authenticated phpMyAdmin user
> into visiting a specially-crafted URL.
>  http://secunia.com/advisories/45991/
>  https://bugzilla.redhat.com/show_bug.cgi?id=738681