oss-sec mailing list archives
Re: CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 09 Apr 2013 11:17:07 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/09/2013 06:01 AM, Salvatore Bonaccorso wrote:
Hi Kurt New phpMyAdmin release (3.5.8) contains the following changelog entry: 3.5.8.0 (2013-04-08) - bug #3828 MariaDB reported as MySQL - bug #3854 Incorrect header for Safari 6.0 - bug #3705 Attempt to open trigger for edit gives NULL - Use HTML5 DOCTYPE - [security] Self-XSS on GIS visualisation page, reported by Janek Vind - bug #3800 Incorrect keyhandler behaviour #2 refering to a XSS vulnerability on the GIS visualisation page. [1] is the reference by Janek Vind, upstream commit afaics [2]. [1]: http://seclists.org/fulldisclosure/2013/Apr/100 [2]: https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a Could a CVE be assigned to this issue? Regards, Salvatore
Please use CVE-2013-1937 for this issue (perfect CVE request BTW, thanks!). - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRZE0SAAoJEBYNRVNeJnmTO5wQAKWUZnBtTi5F/xp0cakFX2rK 0NBhcT4NOAxJBdXcUDIAFHb2yfHLvYgTTjrIrSI10Rv+vEl594h51nzYaL427xVJ RmKc0Na86bvBd/UxMxXidE1sHb+bqSNAAWEw4UKd/+WHVyTc6BlzPpsVuU+chRI6 rQ+Iq0+8YWNqXYsRtHnLTEjdZ0B2PiPZGwu+bNA1j30BbXEz/mb6uJWLhCouBJvK 7w2gan8YMOa7g7JWg+eF0HIdJ2xLHzDxHKN2mAYt6U/t4t0W0ewsTcc61YvoAqx7 5IWoMcMq7g897Qayg0gbWsVVEQkKbQVLxpkklhn2PW3elai7LeOXcc5ZEAOqut9h Mhn0ZU4i9X1fIVFmKnbCERQ2aX5cCZKiWsm7k3TwrzlaevU9zK9hgM0dfZGeAc8E kSImV4ATW2AiO0KLBUepEB+FK00x8IvXzvlviIdVaNebvy9BdHIB2Br146tkVPQ9 eycb8gQDP+1P6IpA9iBQRTmQ2pBqlNXpc3pO156yDrQXAgBL8AW0q23lrjXI7iU8 Zni4c5sPjZNqCZoDUYMyovDwOit5OZpxxFa9tNqSnfHFxQdVgjViwJQj9GEmsSdV m2k/c+MQkEoyxUIFAzVOnpFtwmTpeHCfMrKZES1dVNn6kkfGW0frU2DbVJFuDvYH ANAayFplBv1LGSw03HBC =M3k7 -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8 Salvatore Bonaccorso (Apr 09)
- Re: CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8 Kurt Seifried (Apr 09)