Bug ID | 908364 |
---|---|
Summary | CVE-2014-9219: phpMyAdmin: XSS vulnerability in redirection mechanism |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | 13.2 |
Hardware | All |
URL | http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php |
OS | openSUSE 13.2 |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | Andreas.Stieger@gmx.de |
QA Contact | qa-bugs@suse.de |
CC | chris@computersalat.de, ecsos@schirra.net |
Found By | --- |
Blocker | --- |
From http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php > Announcement-ID: PMASA-2014-18 > Date: 2014-12-03 > Summary: XSS vulnerability in redirection mechanism. > Description: With a crafted URL it was possible to trigger an XSS in the redirection mechanism in phpMyAdmin. > > Severity: We consider this vulnerability to be non critical. > Affected Versions: Versions 4.2.x (prior to 4.2.13.1) are affected. > Solution: Upgrade to phpMyAdmin 4.2.13.1 or newer, or apply the patch listed below. > Assigned CVE ids: CVE-2014-9219 > CWE ids: CWE-661 CWE-79 > Patches: 9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2