| Bug ID | 899452 |
|---|---|
| Summary | phpMyAdmin: XSS vulnerabilities in table search and table structure pages. |
| Classification | openSUSE |
| Product | openSUSE Factory |
| Version | 201409* |
| Hardware | All |
| URL | http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php |
| OS | openSUSE 13.2 |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | Andreas.Stieger@gmx.de |
| Reporter | Andreas.Stieger@gmx.de |
| QA Contact | qa-bugs@suse.de |
| CC | chris@computersalat.de, ecsos@schirra.net, security-team@suse.de |
| Found By | --- |
| Blocker | --- |
http://www.phpmyadmin.net/home_page/news.php#phpMyAdmin_4.0.10.4__4.1.14.5_and_4.2.9.1_are_released phpMyAdmin 4.0.10.4, 4.1.14.5 and 4.2.9.1 contain security fixes. >From http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php Announcement-ID: PMASA-2014-11, 2014-10-01 Summary: XSS vulnerabilities in table search and table structure pages. With a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages. Severity: Considered non critical, via logged in user only. Affected: 4.0.x < 4.0.10.4 Affected: 4.1.x < 4.1.14.5 (openSUSE 13.1, 12.3) Affected: 4.2.x < 4.2.9.1 (openSUSE 13.2, Factory) CVE-2014-7217 CWE-661 CWE-79