oss-sec mailing list archives
CVE Request -- phpMyAdmin (x < v3.3.7) -- XSS in setup script (PMASA-2010-7)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 08 Sep 2010 15:32:51 +0200
Hello Steve, vendors,

phpMyAdmin today announced PMASA-2010-7, addressing one XSS issue:
[1] http://www.phpmyadmin.net/home_page/security/PMASA-2010-7.php

More from [1]:

Summary: XSS attack on setup script

Description: It was possible to conduct a XSS attack using spoofed request to setup script.

Affected versions: For 3.x: versions before 3.3.7 are affected.

Unaffected versions: Branch 2.11.x is not affected by this.

Upstream changeset:
http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=commitdiff;h=73ce5705bd1e0b62060f75702d62f88247ce09dd

Credit: Upstream acknowledges the Tenable Network Security team as the original reporter.

Further references:
[2] http://secunia.com/advisories/41210/
[3] https://bugzilla.redhat.com/show_bug.cgi?id=631824

Upstream references CVE-2010-2958 as CVE id for this issue. But it was allocated for PMASA-2010-6:
[4] http://www.openwall.com/lists/oss-security/2010/09/01/3
[5] http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php

So could you allocate a new one for PMASA-2010-7?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team