Bug 1125264 (CVE-2014-4955) - CVE-2014-4955 phpMyAdmin: self-XSS due to unescaped HTML output in database triggers page (PMASA-2014-5)
Summary: CVE-2014-4955 phpMyAdmin: self-XSS due to unescaped HTML output in database t...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2014-4955
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20140717,repor...
Depends On:
Blocks: 1125268
TreeView+ depends on / blocked
 
Reported: 2014-07-31 13:12 UTC by Vasyl Kaigorodov
Modified: 2019-06-08 20:07 UTC (History)
9 users (show)

Fixed In Version: phpMyAdmin 4.0.10.1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-09-07 04:32:09 UTC


Attachments (Terms of Use)

Description Vasyl Kaigorodov 2014-07-31 13:12:06 UTC
phpMyAdmin upstream released advisory [1] which fixes XSS in phpMyAdmin versions 4.0.x.
Upstream commit that fixes this issue could be found at [2]

[1]: http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php
[2]: https://github.com/phpmyadmin/phpmyadmin/commit/1b5592435617fa1b9dd68e2dc263de64c69fdc8a

Comment 1 Kurt Seifried 2014-09-07 04:32:09 UTC
This issue has been deferred.


Note You need to log in before you can comment on or make changes to this bug.