Bug ID 968940
Summary VUL-0: CVE-2016-2559: phpMyAdmin: Cross-site scripting (XSS) vulnerability in the format function inlibraries/sql-parser/src/Utils/Er...
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.1
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee chris@computersalat.de
Reporter abergmann@suse.com
QA Contact qa-bugs@suse.de
CC astieger@suse.com, lang@b1-systems.de
Found By Security Response Team
Blocker --- 

https://www.phpmyadmin.net/security/PMASA-2016-10/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2559

Cross-site scripting (XSS) vulnerability in the format function in
libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x
before 4.5.5.1 allows remote authenticated users to inject arbitrary web script
or HTML via a crafted query.

CVE-2016-2559 was assigned to this issue.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2559
https://github.com/phpmyadmin/phpmyadmin/commit/3a6a9a807d99371ee126635e1a505fc1fe0df32c
https://www.phpmyadmin.net/security/PMASA-2016-10/

You are receiving this mail because: