1125264 – (CVE-2014-4955) CVE-2014-4955 phpMyAdmin: self-XSS due to unescaped HTML output in database triggers page (PMASA-2014-5)

Bug 1125264 (CVE-2014-4955) - CVE-2014-4955 phpMyAdmin: self-XSS due to unescaped HTML output in database triggers page (PMASA-2014-5)

Summary: CVE-2014-4955 phpMyAdmin: self-XSS due to unescaped HTML output in database t...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2014-4955
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1125268
TreeView+	depends on / blocked

Reported:	2014-07-31 13:12 UTC by Vasyl Kaigorodov
Modified:	2019-09-29 13:20 UTC (History)
CC List:	9 users (show)
Fixed In Version:	phpMyAdmin 4.0.10.1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-09-07 04:32:09 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vasyl Kaigorodov 2014-07-31 13:12:06 UTC

phpMyAdmin upstream released advisory [1] which fixes XSS in phpMyAdmin versions 4.0.x.
Upstream commit that fixes this issue could be found at [2]

[1]: http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php
[2]: https://github.com/phpmyadmin/phpmyadmin/commit/1b5592435617fa1b9dd68e2dc263de64c69fdc8a

Comment 1 Kurt Seifried 2014-09-07 04:32:09 UTC

This issue has been deferred.

Note You need to log in before you can comment on or make changes to this bug.