oss-sec mailing list archives
Re: CVE request: phppgadmin before 5.0.4 XSS
From: Henri Salo <henri () nerv fi>
Date: Fri, 30 Mar 2012 11:47:16 +0300
On Wed, Mar 28, 2012 at 11:09:17PM -0600, Kurt Seifried wrote:
> On 03/28/2012 08:26 AM, Hanno Böck wrote:
>> phppgadmin 5.0.4 fixes an xss, please assign CVE.
>>
>> https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0
>> "Fix XSS in function.php, reported by Mateusz Goik"
>
> Please use CVE-2012-1600 for this issue. Is there a link for the code change?

"""
Fix XSS in function.php, reported by Mateusz Goik.

I'm not sure why the name and the type the functions were not escaped *on purpose* here. There's no more reason here than in any other place with other PostgreSQL objects to not escape the name or the type...
"""

https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00

- Henri Salo