http://bugzilla.novell.com/show_bug.cgi?id=899452 Bug ID: 899452 Summary: phpMyAdmin: XSS vulnerabilities in table search and table structure pages. Classification: openSUSE Product: openSUSE Factory Version: 201409* Hardware: All URL: http://www.phpmyadmin.net/home_page/security/PMASA-201 4-11.php OS: openSUSE 13.2 Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: Andreas.Stieger@gmx.de Reporter: Andreas.Stieger@gmx.de QA Contact: qa-bugs@suse.de CC: chris@computersalat.de, ecsos@schirra.net, security-team@suse.de Found By: --- Blocker: --- http://www.phpmyadmin.net/home_page/news.php#phpMyAdmin_4.0.10.4__4.1.14.5_a... phpMyAdmin 4.0.10.4, 4.1.14.5 and 4.2.9.1 contain security fixes.
From http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php Announcement-ID: PMASA-2014-11, 2014-10-01 Summary: XSS vulnerabilities in table search and table structure pages.
With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. Severity: Considered non critical, via logged in user only. Affected: 4.0.x < 4.0.10.4 Affected: 4.1.x < 4.1.14.5 (openSUSE 13.1, 12.3) Affected: 4.2.x < 4.2.9.1 (openSUSE 13.2, Factory) CVE-2014-7217 CWE-661 CWE-79 -- You are receiving this mail because: You are on the CC list for the bug.