[Bug 896635] New: phpMyAdmin: XSRF/CSRF due to DOM based XSS in the micro history feature
https://bugzilla.novell.com/show_bug.cgi?id=896635
https://bugzilla.novell.com/show_bug.cgi?id=896635#c0

Summary: phpMyAdmin: XSRF/CSRF due to DOM based XSS in the micro history feature
Classification: openSUSE
Product: openSUSE 13.1
Version: Final
Platform: All
OS/Version: openSUSE 13.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: Andreas.Stieger@gmx.de
QAContact: qa-bugs@suse.de
CC: security-team@suse.de, chris@computersalat.de, ecsos@schirra.net
Found By: ---
Blocker: ---
From http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
Announcement-ID: PMASA-2014-10
Date: 2014-09-13
Summary: XSRF/CSRF due to DOM based XSS in the micro history feature
Description: By deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature.
Severity: We consider this vulnerability to be critical.
Affected Versions:
  4.0.x < 4.0.10.3
  4.1.x < 4.1.14.4
  4.2.x < 4.2.8.1

Current:
  openSUSE:13.1:Update 4.1.14.3
  openSUSE:12.3:Update 4.1.14.3
  server:php:applications 4.2.8.1
  openSUSE:Factory: above submitted
  SLE 10: not shipped
  SLE 11: not shipped

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=896635#c
Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=896635#c1
Andreas Stieger
https://bugzilla.novell.com/show_bug.cgi?id=896635#c2
--- Comment #2 from Christian Wittmer
https://bugzilla.novell.com/show_bug.cgi?id=896635#c3
Andreas Stieger
> Uhmmm, didn't think you would fix this. created #249179

No problem. Shall we just go with yours?
https://bugzilla.novell.com/show_bug.cgi?id=896635#c4
--- Comment #4 from Christian Wittmer
(In reply to comment #2)
> > Uhmmm, didn't think you would fix this. created #249179
> No problem. Shall we just go with yours?

Ok, thanks. Let's go with mine.
https://bugzilla.novell.com/show_bug.cgi?id=896635#c5
--- Comment #5 from Bernhard Wiedemann